#CoSoSec

Dozens arrested and thousands of victims contacted after scam site taken offline

As many as 70,000 UK victims were tricked by LabHost's scams

LabHost's scams, which obtained 480,000 card numbers and 64,000 PINs globally.

Set up in 2021 by a criminal network, LabHost enabled users to set up phishing websites designed to trick victims into revealing personal information such as email addresses, passwords, and bank details.

https://www.met.police.uk/advice/advice-and-information/wsi/watch-schemes-initiatives/operation-stargrew/labhost-disruption/

Work began in June 2022 after detectives received crucial intelligence about LabHost’s activity from the Cyber Defence Alliance – a group of British-based banks and law enforcement agencies which work together to share intelligence.

In November 2022, the Met arrested more than 130 suspects as part of Operation Elaborate. An estimated 200,000 victims were targeted by a scam stealing millions from the public via fake bank phone calls.

Set up in 2021 by a criminal network, LabHost enabled users to set up phishing websites designed to trick victims into revealing personal information such as email addresses, passwords, and bank details.

Criminal subscribers were able to log on and choose from existing sites or request bespoke pages replicating those of trusted brands including banks, healthcare agencies and postal services.

LabHost even provided templates and an easy to follow tutorial allowing would-be fraudsters with limited IT knowledge to use the service. At the end of the tutorial, a robotic voice told fraudsters: “Stay safe and good spamming.”

law enforcement agencies arresting 37 suspects across the UK and around the world, including at Manchester and Luton airports, as well as in Essex and London.