Global police agencies take down massive scam website that defrauded thousands of victims

Illustration of a cybercriminal using a computer.Seksan Mongkhonkhamsao | Moment | Getty Images

A huge fraud website used by thousands of criminals to trick people into handing over personal information such as email addresses, passwords and bank details, has been infiltrated by international police.

Britain's Metropolitan Police said in a statement Thursday that the website, called LabHost, was used by 2,000 criminals to steal users' personal details.

Police have so far identified just under 70,000 individual U.K. victims who entered their details onto a website linked to LabHost. A total of 37 suspects have been arrested so far, according to the Metropolitan Police.

Police have also disrupted those websites and replaced the information on their pages with a message stating that law enforcement has seized the services.

LabHost obtained 480,000 credit card numbers, 64,000 PIN codes, as well as more than 1 million passwords used for websites and other online services, the Metropolitan Police said.

The Metropolitan Police said that up to 25,000 victims in the U.K. have been contacted by police to notify them that their data has been compromised.

What is LabHost?

Police say that LabHost was set up in 2021 by a criminal cyber network which sought to scam victims out of key personally identifiable information, such as bank details and passwords, by creating fake websites.

Criminals were able to use it to exploit victims through existing sites, or create new websites mimicking those of trusted brands including banks, health-care providers and postal services.

“Online fraudsters think they can act with impunity,” Dame Lynne Owens, deputy commissioner of the Metropolitan Police Service, said in a statement Thursday.

“They believe they can hide behind digital identities and platforms such as LabHost and have absolute confidence these sites are impenetrable by policing.”

Owens added that the operation showed “how law enforcement worldwide can, and will, come together with one another and private sector partners to dismantle international fraud networks at source.”

Private companies including blockchain analysis firm Chainalysis, Intel 471, Microsoft, The Shadowserver Foundation and Trend Micro worked with police to identify and bring down LabHost.

The investigation started in June 2022 after police received intelligence about LabHost's activities from the Cyber Defence Alliance, an intelligence-sharing partnership between banks and law enforcement agencies.

The Met's Cyber Crime Unit then joined forces with the National Crime Agency, City of London Police, Europol, regional U.K. authorities, as well as other international police forces to take action.