The iSpoof website involved in the scam was advertised openly on the internet. It allegedly provided access to a server, initially based in Holland and then Ukraine, which criminals could use to make anonymous calls to victims from a spoof phone number.
This allowed them to pose as employees of banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, NatWest, Nationwide and TSB.
Victims were asked to enter a "one-time code" or password for their account into their phone, which was intercepted by the iSpoof server and made available to the fraudsters.
Criminals could then use these details to "clear out the accounts" of their victims.
https://www.bbc.co.uk/news/uk-63736573
