Op Elaborate is the UK’s largest-ever proactive fraud operation. The Met Police has led an international investigation targeting a website that enabled criminals to disguise their phone numbers and commit fraud, a practice known as ‘spoofing’. Criminals try to steal personal info by making it look like they’re contacting you from a trusted organisation e.g. a bank/building society. The Met has taken down a website used to make 10million spoof calls between June 21-July 22.

The difference between spoofing and phishing is that while spoofing uses someone else’s identity, phishing attacks try to access sensitive information. Typical phishing scams involve luring victims with bait like spoofed emails and tricking them into providing personal data that can be used for ID theft.

Spoofing attacks make it appear that the hacker’s communications can be trusted because they mimic the look and feel of trusted sources. Many phishers use spoofing to trick their victims into believing their email is legitimate. This kind of manipulative social engineering is how phishing scams convince you to disclose personal info. If you think you have been a victim of fraud, or someone has tried to steal your personal info:

1. report it to Action Fraud online – when filling out the report, include your telephone number (the one you received the spoofed call on) and cut/paste the word Elaborate into the free text field of your report
2. change your passwords
3. remain vigilant against the most common types of spoofing. Look out for common signs of a spoofing attack, and you’ll have a much lower chance of falling foul
4. if you’re being asked to submit personal info, like a password/credit card number, call the sender to confirm using the contact number listed on their real website. Manually enter their URL into your web browser, check the website for signs of website spoofing, and don’t click any links in the suspicious email you received
5. don’t open attachments that you don’t expect to receive, especially if they have unusual file extensions
6. get in the habit of hiding your IP address when surfing the web to prevent IP spoofing. This can be done by using a virtual private network (VPN)
7. check before you click, hover over any links before you click to verify the URL. If you do click, confirm the URL after the page loads to ensure you weren’t redirected. Stick to sites that use HTTPS encryption

Valkyrie Updates


Stay informed with the latest insights, expertise and innovations in the world of security with Valkyrie’s news, reports and white papers