A man will spend the next five years three months in prison for using banking malware to steal almost a million pounds from victims.
On 19 December, the Croydon Crown Court passed down the sentence onto Tomasz Skowron, 29, of Meredith Road, Worthing after he pleaded guilty to charges of conspiracy to defraud, fraud, and money laundering.
Skowron's crimes date back to at least December 2014, when officials learned of several fraudulent payments sent from the Commonwealth Bank of Australia to bank accounts in the UK. Investigators quickly determined many of these payments linked back to a single IP address: one registered to Skowron at his home address. This was sufficient evidence for authorities to arrest the Worthing man on 9 December.
Digging a little deeper, officials learned more about how Skowron had made the fraudulent transfers. Computers and phones seized from the suspect, for instance, revealed he had placed fraudulent payments to money mule accounts based in the UK. He had done so with the help of Piotr Ptach, who recruited money mules to help transfer the payments.
They also learned Skowron had successfully conducted two man-in-the-middle attacks in 2014 against two UK construction companies. Those attacks tricked employees into downloading banking malware onto their computers, programs which allowed Skowron to abuse their credentials for his conspiracy.
The two companies lost approximately £500K, £39,000 of which Skowron had transferred into one of his bank accounts.
In total, the scheme deprived victims of £840,000.
Detective Constable Jody Stanger, from the Met’s Operation Falcon Cyber Crime Unit, is pleased by the outcome of the case. As quoted in a press release:
"Skowron played a significant part in a wider criminal network that was responsible for several high-value frauds using malware. The proceeds of this fraud were then laundered through an organised money mule network. This conviction and sentence is the culmination of a long and complex investigation and shows that we will relentlessly pursue criminals involved in serious and organised crime online."
While law enforcement continues to track down computer criminals, users and organizations need to focus on protecting themselves against similar schemes. One way they can do this is for companies to educate their employees about the dangers of phishing attacks and how to spot a phish. They can use third-party security awareness software towards that end.
Does this kind of solution sound of interest to your organization?
If so, please contact Metacompliance and learn how its anti-phishing simulations can protect your company against banking malware and other digital threats.