EU Cracks Down on Phone Number Masking to Protect Consumers

Phone number masking cases have caused European authorities to issue advice on how to prevent fraud.

While the big European fraud trial of the moment is the Wirecard case, in which former executives of the German payments company are trying to pin the blame on each other for embezzling from the firm’s clients, another case that is of more concern to consumers is also unfolding.

Following an international law enforcement sting, a series of arrests last month have shone a light on the iSpoof online fraud tool and the criminals that used it.

The online service enabled cybercriminals to mask their phone numbers with one belonging to a trusted organization and was used to trick victims into believing a bank, retail company or government agency was calling them.

Phone number spoofing facilitated by iSpoof was used by fraudsters to conduct a variety of social engineering scams, intercept one-time passwords, and phish consumers’ login credentials.

The pan-European law enforcement agency Europol stated on its website that “In an international coordinated action carried out in November 2022, 142 users and administrators of the website were arrested across the world.”

In a press release detailing its involvement in the operation, the Dutch police force has cautioned consumers to remain vigilant against fraud and always follow best practices for information security.

For example, it is reminding people that banks will never ask them to transfer money and that they should report any callers claiming to be from their bank requesting they hand over account details or initiate a transaction.

In one simple but crucial piece of advice, the agency wrote, “if someone asks for your details or PIN code, hang up immediately!”

While some may roll their eyes at the obviousness of such warnings, iSpoof scams worked exactly because they were able to convince victims of the legitimacy of the caller.

For example, many scams involved crooks calling up victims pretending to be from their bank and asking them for their online banking login credentials. But banks will rarely ever call their customers out of the blue and will never ask for this information.

Crypto’s Role in Global Fraud Highlighted

As efforts to track iSpoof users continue, investigators will be focusing on transaction records that reveal the origin of payments made in bitcoin to the spoofing platform.

While tracing bitcoin transactions can be difficult, the EU is looking to require crypto asset service providers to enforce stricter anti-money laundering (AML) measures.

Learn more: New AML Measures a ‘Tectonic Shift’ in EU Approach to Combating Financial Crime

Earlier this year, EU lawmakers reached a provisional deal on a new bill that will govern crypto transfers and bring them up to the same regulatory standards as other financial transactions.

The agreement is set to extend to crypto assets the “travel rule,” which requires that information about the sender and receiver of an asset travels with the transaction and is stored on both sides of the transfer, better enabling investigators to follow the trail of “dirty” money.

As PYMNTS reported last month, it was recently revealed that a draft version of the new bill seeks to ban regulated firms like Monero and Dash from dealing in untraceable cryptocurrencies.

Meanwhile, the Basel Committee on Banking Supervision of the Bank for International Settlements (BIS) recently published updated guidelines for banks that deal in crypto assets.

Alongside a framework for risk management, including money laundering risks, the BIS has established a limit of 2% for crypto reserves at banks. In general, banks’ crypto exposure should not exceed 1%, the Basel Committee said.

For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.