LabHost, a one-stop shop for aspiring fraudsters, tricked as many as 70,000 victims in the UK alone.
Dozens of people around the world have been arrested after police disrupted a UK-founded website scamming victims on an industrial scale.
LabHost, a site set up in 2021, tricked as many as 70,000 UK victims, obtaining 480,000 card numbers and 64,000 PINs worldwide, the Metropolitan Police said.
It was created by a criminal network and enabled more than 2,000 users to set up phishing websites designed to steal personal information such as email addresses, passwords and bank details.
Criminal subscribers could log on and choose from existing sites or request bespoke pages replicating those of trusted brands such as banks, healthcare agencies and postal services.
The website even provided a tutorial to cater for wannabe fraudsters with limited IT knowledge, with a robotic voice saying at the end: “Stay safe and good spamming.”
Those subscribing to worldwide membership – meaning they could target victims all around the world – paid between £200 and £300 a month.
Since it began, the site has received just under £1m in payments from criminal users.
But just after it was seized and disrupted, its 800 customers got a message telling them that police knew who they were and what they were doing.
Thirty-seven people were arrested around the world, including some at Manchester and Luton airports, as well as in Essex and London.
Detectives have also contacted up to 25,000 UK-based victims to tell them their data has been compromised.