Dozens arrested and thousands of victims contacted after scam site taken offline

As many as 70,000 UK victims were tricked by LabHost's scams, ITV News' Kaf Okpattah reports


A UK-founded website used to defraud victims on an industrial scale has been infiltrated by police, leading to a number of arrests around the world.

As many as 70,000 UK victims were tricked by LabHost's scams, which obtained 480,000 card numbers and 64,000 PINs globally.

Set up in 2021 by a criminal network, LabHost enabled users to set up phishing websites designed to trick victims into revealing personal information such as email addresses, passwords, and bank details.

Phishing is a form of scam where attackers deceive people into revealing sensitive information by masquerading as a legitimate person.

Criminal subscribers were able to log on and choose from existing sites or request bespoke pages replicating those of trusted brands including banks, healthcare agencies and postal services.

Equipment seized by the Met Police. Credit: PA/Met Police

LabHost even provided templates and an easy to follow tutorial allowing would-be fraudsters with limited IT knowledge to use the service. At the end of the tutorial, a robotic voice told fraudsters: “Stay safe and good spamming.”

The website has now been taken down, with law enforcement agencies arresting 37 suspects across the UK and around the world, including at Manchester and Luton airports, as well as in Essex and London. By the beginning of 2024, more than 40,000 fraudulent sites had been created with the help of LabHost, and 2,000 users were registered and paying a monthly subscription fee. LabHost provided its subscribers with fake profiles for 170 companies to trick victims, including 47 based in the UK. Those subscribing to the “worldwide membership”, meaning they could target victims internationally, paid between £200 and £300 a month. Since creation, the site has received just under £1 million in payments from criminal users. Shortly after the platform was seized and disrupted, 800 users received a message telling them that police “know who they are and what they’ve been doing”.

Police hope they can dissuade former LabHost subscribers from further offending by creating the same level of fear about their information as their victims. As part of Operation Stargrew, detectives have contacted up to 25,000 victims in the UK to tell them their data has been compromised. Work began in June 2022 after detectives received crucial intelligence about LabHost’s activity from the Cyber Defence Alliance – a group of British-based banks and law enforcement agencies which work together to share intelligence. In November 2022, the Met arrested more than 130 suspects as part of Operation Elaborate. An estimated 200,000 victims were targeted by a scam stealing millions from the public via fake bank phone calls. Dame Lynne Owens, deputy commissioner of the Metropolitan Police Service, said: “You are more likely to be a victim of fraud than any other crime. "In addition to the financial impact, it undermines the public’s confidence in the tools and technology they need to use in daily life. Our collective approach should ensure suspects feel that same level of distrust in their own criminal environment. “Online fraudsters think they can act with impunity. They believe they can hide behind digital identities and platforms such as LabHost and have absolute confidence these sites are impenetrable by policing.

Lab Host provided tutorials to subscribers looking to set up scam websites. Credit: PA

“But this operation and others over the last year show how law enforcement worldwide can, and will, come together with one another and private sector partners to dismantle international fraud networks at source. “Our approach is to be more precise and targeted with a clear focus on those enabling online fraud to be carried out on an international scale.” Adrian Searle, director of the National Economic Crime Centre in the NCA, said: “Fraud is a terrible crime that impacts victims both financially and psychologically, undermining our collective trust in others and the online services on which we all rely. “Together with cyber crime, it makes up around 50% of all crime in England and Wales. Recognising the scale and nature of the threat, law enforcement are working evermore closely together, both here and overseas, to target the fraudsters and the technology they are exploiting. “This operation again demonstrates that UK law enforcement has the capability and intent to identify, disrupt and completely compromise criminal services that are targeting the UK on an industrial scale.”


Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know…