Large phishing provider taken down in intl. police action; 5 arrests in Netherlands

Labhost, an international phishing as-a-service provider, was taken down in an international police action involving 18 countries and various security services like Europol and the FBI. The Dutch police arrested five Labhost users in the Netherlands and had cease-and-desist conversations with two more.

Labhost gave users paid access to fishing pages that resemble websites of banks and government agencies, among others. After payment, users could host a page on their own server and send the link to victims via spam emails or texts. Victims think it's their bank or a government agency contacting them and provide personal data, with which criminals can carry out other types of fraud.

The international authorities took down the phishing provider on Monday after the arrests of its administrators in the United Kingdom. At the time, Labhost had 7,000 users worldwide. Together, they stole the details of 500,000 credit cards and 1.2 million unique usernames and passwords.

On Tuesday, the Dutch police arrested five Labhost users and searched six homes. They seized 57 data carriers, over 100 sim cards, and five firearms, among other things. The arrested suspects are between 21 and 36 years old and from Leeuwarden, Papendrecht, Woudenberg, and Vleuten. “The victims of these users were not in the Netherlands,” the police said.

The police also held two cease-and-desist conversations with users of the site. More arrests and raids may follow.

The investigation started in the United Kingdom in mid-2023. The UK authorities quickly realized that Labhost had an international character. The action eventually included cooperation with 18 countries and various security services.

“Thanks to the result of this collaboration, it is made more difficult for criminals to continue this form of fraud, and they know that international services have them in their sights,” the Dutch police said.