Police say that bad actors used the site iSpoof to target at least 200,000 potential victims and steal more than $120 million. The scale of the losses proves that banks need to do more to warn against this kind of social engineering attack.

International authorities just shut down a vicious fraud operation that allowed bad actors to imitate bank employees by disguising their phone numbers as legitimate bank lines. Fraudsters used iSpoof to pose as reps from the likes of Barclays, Santander, HSBC, Lloyds, and Nationwide.  

“The exploitation of technology by organized criminals is one of the greatest challenges for law enforcement in the 21^st century,” said Met police commissioner Sir Mark Rowley in a press release. It’s also one of the greatest challenges for banks.  

Though banks aren’t legally or financially culpable for this kind of deception, it harms their reputation and erodes trust with customers. While technology has emerged to prevent (or at least sound the alarm on) many different kinds of fraud, customer education is still the best way to mitigate social engineering tactics like iSpoof’s.  

Financial firms have tried to get the word out that customers shouldn’t trust caller ID – urging them to hang up if they get a call from their bank and then redial themselves – but the scale of this latest bust proves that more awareness is needed.