This week, the National Crime Agency (NCA) announced the successful takedown of a Crimeware As A Service (CaaS) platform that offered the ability to spoof telephone numbers which was used by criminals to conduct mass fraud against victims in multiple countries.

The announcement details the months-long work undertaken by investigators to unpick the “Russian Comms” platform and identify those responsible for the creation, and management of the number spoofing site.

In March, two men aged 26 and 28 were arrested in Newham, East London, by NCA officers. These men are suspected to be the platform’s developers and administrators. As part of these raids, the platform hosting Russian Comms was taken down.

Then in April, a third man from Newham was arrested. He is suspected of being a close affiliate to the others, and handset courier.

Another user was arrested in Potters Bar this week, by the Eastern Region Special Operations Unit.

Action to identify and arrest others involved in the scamming site will continue over the coming months.

NCA officers entering the house of one of those arrested in Newham

What was Russian Comms?

Russian Comms was a website offering access to a platform that scammers could use to hide their identity by appearing to be calling from pre-selected numbers, most commonly those of financial institutions, telecommunications companies and law enforcement agencies. This enabled the scammers to gain the trust of victims before stealing their money and personal details.

Between 2021 and 2024, over 1.3 million calls were made by Russian Coms users to 500,000 UK phone numbers. Of those who reported there thefts to Action Fraud, the average loss suffered by victims is over £9,400.

Russian Coms was available initially as a handset and, latterly, as a web app.

The service was marketed through social media platforms such as Snapchat, Instagram and Telegram. According to adverts for the platform, the service included “unlimited minutes”, “hold music”, “encrypted phone calls”, “instant handset wipe”, international calls, voice changing services, and 24/7 support.

The handset was loaded with a number of fake applications that had no functionality to make it look like an everyday smartphone if seized by law enforcement. I device also had several VPN apps, allowing the user to hide their IP address. It also included burn app that instantly wiped the phone after being activated.

Related Articles

Huge leak of PII claims to expose all UK, Canada & US citizens
General blogs

Huge leak of PII claims to expose all UK, Canada & US citizens

Mark
Compromising Operational Technology (OT)
General blogs

Compromising Operational Technology (OT)

Mark
Operation Endgame – a new approach to tackling cybercrime
General blogs

Operation Endgame – a new approach to tackling cybercrime

Mark
Cyber Security Frameworks – what are they?
General blogs

Cyber Security Frameworks – what are they?

Mark
AI – bringing the worst out of people
General blogs

AI – bringing the worst out of people

Mark