Student Jailed For £100M Phishing Fraud Scheme

Uploaded on 2025-08-01 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Th UK has drawn attention to a large-scale cyber fraud operation centered around phishing kits. Now, A University student who sold more than a thousand phishing kits which were used to defraud victims of millions of pounds, has today been jailed for seven years. 

Ollie Holman, 21, admitted to selling phishing kits, which contained fraudulent webpages designed to look genuine, to dupe victims into filling in their own personal and financial information.

Holman, of Eastcote, West London, previously pleaded guilty to seven counts, including encouraging or assisting the commission of an offence, making or supplying articles for use in fraud, and transferring, acquiring, and possessing criminal property.

He was sentenced at Southwark Crown Court to seven years imprisonment on Wednesday, 23 July 2025. He was also given a Serious Crime Prevention Order following an application from the prosecution. 

Holman has admitting creating and distributing over 1,000 phishing kits that enabled others to carry out global digital fraud.

These kits were designed to mimic login pages of banks, charities, and large organisations, tricking users into entering personal and financial information. 

In one case a kit was used to mimic a charity’s donation webpage so when someone tried to give money, their card details were taken and used by criminals.

Around 69 institutions in 24 countries were targeted, with damages reaching at least £100 million, according to a statement published by the Crown Protection Services.

Distributed through encrypted Telegram channels, the tools were not only sold but supported. The developer provided technical assistance and guidance to buyers, ensuring the phishing pages functioned effectively, an approach more often seen in commercial software support than in cybercrime.

Police arrested Holman in October 2023 at his Canterbury University accommodation and they seizing a lot of his digital devices. 

Despite the initial arrest, he allegedly continued offering support for his tools via Telegram, prompting a second arrest in May 2024 at his home. The electronic digital evidence that was found at his home played a crucial role in his sentence.  

The phishing kits were customisable and designed to work across platforms, increasing their appeal to cyber criminals with limited technical knowledge. 

In effect, they democratised access to high-quality fraudulent tools, enabling a broader base of actors to conduct financial scams with minimal effort. In addition to the prison sentence, the court imposed a Serious Crime Prevention Order to restrict the individual’s ability to participate in or support future criminal activity. This civil measure is intended to prevent further involvement in similar offenses after release.

The case underlines the growing threat posed by turnkey cyber crime tools and highlights the importance of prosecuting such offenses. It also reflects the importance of punishing not only the end users of these tools, but also the developers enabling widespread digital fraud.

Image: Pixabay

Crown Prosecution Service   |   I-His   |   The Guardian   |   BBC  |  Freevacy   |   Law 360    |   ITV

Image: 

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« BitSight Reveals Critical Gaps & New Cybersecurity Priorities For Organisations
Hackers Have Stolen US Insurance Customer Data »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Rafael

Rafael

Rafael has more than 15 years of proven experience in the cyber arena providing solutions for national security as well as commercial applications.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

Infopulse

Infopulse

Infopulse is a global provider of Software Engineering, Cloud & IT Infrastructure Management, and Cybersecurity services.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

Snowflake

Snowflake

Empower your cybersecurity and compliance teams with Snowflake. Gain full visibility into security logs, at massive scale, while reducing costs of Security Information and Event Management systems.

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

Bright Security

Bright Security

Bright Security is a developer-centric Dynamic Application Security Testing (DAST) solution that helps organizations ship secure applications and APIs quickly and cost-effectively.

Cyware

Cyware

Cyware is the only company building Virtual Cyber Fusion Centers enabling end-to-end threat intelligence automation, sharing, and unprecedented threat response for organizations globally.

ISO WISH

ISO WISH

Take your Business to the Next Level with ISO Certification in UAE.

Astran

Astran

At Astran, we revolutionize data security by introducing a groundbreaking solution for data confidentiality headaches.

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.

Nexio

Nexio

We are Nexio. We help organisations take every NEXT step toward their accelerated digital transformation.

UBDS Digital

UBDS Digital

UBDS Digital is your Digital Lifecycle Partner for Secure Cloud Transformation.

Cyscomply

Cyscomply

Cyscomply is an AI-powered self-assessment platform to identify gaps, benchmark against global standards and take the right action. You can assess against NIST CSF, DORA, ISO 27001, NIST 800-171.

GRC Kompas

GRC Kompas

GRC Kompas is a Dutch cybersecurity consultancy specializing in NIS2 compliance for Managed Service Providers (MSPs) and IT service providers.