PHOTO
A global law enforcement operation has disrupted a website used by criminals to try to defraud tens of thousands of victims, British police said Thursday.
Officers, working in cooperation with large technology firms, infiltrated the LabHost website, and then raided 70 premises, arresting 37 suspects in the United Kingdom and elsewhere since Sunday, according to London's Metropolitan police, which led the operation.
Four of those held in the UK following the 22-month probe are thought to be the operators and creators of the platform, Europol added in a separate statement.
LabHost, set up in 2021, enabled the creation of scores of so-called phishing websites to trick victims into revealing personal information such as bank details and passwords, police said.
Subscribers could choose from existing sites or request bespoke pages replicating those of trusted brands including banks, healthcare agencies and postal services.
The investigation uncovered at least 40,000 phishing domains linked to LabHost, which had some 10,000 users worldwide, according to Europol.
Some were paying up to £300 ($374) a month for a "worldwide membership" to target intended victims internationally with the fraudulent sites, UK police noted.
LabHost has received nearly £1 million in payments from its users, while detectives have so far established that almost 70,000 UK victims have entered their details into one of the fake sites, they added.
Globally, the criminal enterprise has obtained 480,000 card numbers as well as more than one million passwords used for websites and other online services.
The Met did not disclose how much money had been defrauded from victims. LabHost and its linked fraudulent sites have been disabled since Wednesday, the force said.
The investigation -- started in June 2022 -- followed a tip-off from industry body the Cyber Defence Alliance, which provided "crucial intelligence".
Europol and police agencies in 18 countries, as well as companies including Microsoft, Chainalysis and Intel 471, took part in the operation.
It involved law enforcement in Australia, Austria, Belgium, Finland, Ireland, the Netherlands, New Zealand, Lithuania, Malta, Poland, Portugal, Romania, Spain, Sweden, the United States, Czech Republic and Estonia.
It comes months after an international operation led by UK and US law enforcement disrupted the Russian-linked ransomware specialist LockBit, which was dubbed "the world's most harmful cybercrime group".
Police worldwide have also collaborated on numerous other joint probes to target online fraudsters in recent years.
Met Police Deputy Commissioner Lynne Owens hailed the LabHost operation as showing global law enforcement "will come together with one another and private sector partners to dismantle international fraud networks at source".
"Our approach is to be more precise and targeted with a clear focus on those enabling online fraud to be carried out on an international scale," she added.