The UK’s National Crime Agency (NCA) has shut down a global call-spoofing operation called ‘Russian Coms’ which is believed to have been used to swindle more than 170,000 victims.
Russian Coms
Russian Coms is the name of the major caller ID spoofing platform used by criminals to make over 1.8 million fraudulent calls to victims in 107 countries, including the UK, US, New Zealand, Norway, and France. Started in 2021, the platform is believed to have been responsible for financial losses amounting to tens of millions of pounds. It was the Russian Coms platform itself that was shut down by the NCA.
What Is Call Spoofing / ID Spoofing?
Call spoofing, also known as ID spoofing, is a technique used to falsify the information displayed on the caller ID screen of the recipient’s phone. In other words, it allows the caller to appear as though they are calling from a different number. Criminals can, therefore, display the actual number of the victim’s bank or a government agency, thereby deceiving the recipient into answering the call or divulging sensitive information.
Criminals Paid For Months of Call Spoofing Features
In the case of the Russian Coms platform, criminals were paying to use the Russian Coms platform to enable them to conduct ID spoofing activities, e.g. they were paying the Russian Coms administrators between £1,200 and £1,400 in cryptocurrency (for anonymity) for a six-month contract use the platform. This provided the criminals with services such as a smartphone (or, more recently, a web app) encrypted calls, web phone capabilities, instant handset wipes, voice-changing features, international calls, and 24/7 support. These features allowed them to spoof the phone numbers of banks or financial institutions, to gain the trust of their victims before stealing money and personal details.
Example
An example of the kind of ID Spoofing crime committed using the platform was the criminal using the platform’s services would spoof the phone number of a bank (e.g. call a victim pretending to be from their bank) and deceive them into transferring their money to a new account by claiming that fraudulent activity had been noticed in their current account.
London, Not Russia
In fact, despite the name of the platform, the two men suspected of being the platform’s developers and administrators (aged 26 and 28), were arrested in Newham, London, back in March. A third man, also 28 years old, suspected of being the handset courier, was arrested in April, and last week, one of the many hundreds of scammers thought to have used the platforms services was arrested in Potters Bar.
Handsets pre-loaded
The smartphone-style handsets provided to scammers as part of the Russia Coms service are reported to have been preloaded with fake apps to fool law enforcement, a VPN to hide the scammer’s IP address, and a ‘burn app / burner app’ that could be used to wipe the handset instantly if needed.
How Much?
The NCA has reported that between 2021 and 2024, the criminal users of Russian Coms made 1.3 million+ calls to 500,000 unique UK phone numbers, and the average reported loss of victims was more than £9,400.
Bailed
Although the 3 men arrested in the UK suspected of being associated with the operation of Russian Coms have been bailed, it’s understood that a global operation is now under way to track down the many hundreds of criminals who used the platforms services.
What Does This Mean For Your Business?
The shutting-down of the Russian Coms operation by the UK’s National Crime Agency (NCA) is a reminder of the evolving sophistication of cyber threats that individuals and businesses face today. For businesses, it’s a reminder of the pressing need to remain vigilant and proactive in their cybersecurity measures and of the importance of implementing robust security protocols to safeguard sensitive information.
It’s also a reminder to businesses to ensure that their employees are trained to recognise phishing and spoofing attempts, as these are common methods used by cybercriminals to gain unauthorised access to company and customer data. Regular training sessions and updated cybersecurity policies can help mitigate these risks.
Businesses should also consider investing in advanced security technologies such as multi-factor authentication, end-to-end encryption, and anti-spoofing measures. These tools can provide an extra layer of security, making it more difficult for cybercriminals to impersonate trusted entities and deceive employees or customers.
The case of Russian Coms also highlights the significance of monitoring and reporting suspicious activities. Prompt reporting to authorities can aid in the swift takedown of fraudulent operations and protect other potential victims. Establishing a clear protocol for employees to report suspicious communications can enhance the overall security posture of the organisation.
Also, the financial implications of cyber fraud cannot be overstated. With reported average losses exceeding £9,400 per victim, the cumulative impact on affected businesses and individuals can be devastating. Therefore, it is crucial for businesses to have comprehensive insurance policies that cover cyber-related incidents and potential financial losses.
The dismantling of Russian Coms appears to be a victory for law enforcement but also a wake-up call for businesses worldwide. By adopting stringent cybersecurity measures, educating employees, and staying vigilant, businesses can better protect themselves against the ever-present threat of cybercrime. The proactive steps taken today can prevent costly breaches and preserve the trust and integrity that are vital to a company’s success.