The Central Netherlands court has sentenced a 22-year-old man to phishing attacks for three years. The man also has to pay almost 27,000 euros in damages. The man was also given a three-week suspended prison sentence for another offence.
In the messages that the suspect sent to his victims, he pretended to be WoningNet or PostNL. In the phishing messages, the man incorporated malicious links that allegedly referred visitors to the websites of various banks, including ING, ABN AMRO, ASN, SNS, de Volksbank and Triodos bank. These sites were almost indistinguishable from the real thing, so several people gardened in them with their eyes open.
Through these phishing messages, the man managed to obtain usernames, passwords and login details for logging into internet banking. He also managed to obtain codes for hot authorization of a transfer. Data from ING shows that the man was able to log into the bank’s systems from two IP addresses in Almere. One of the IP addresses was the man’s home address. The other belonged to a Primera branch, but an investigation showed that the man logged into ING’s bank accounts from his car at the store.
Between August 21, 2020, and January 12, 2021, he managed to loot a total of 26,898.76 euros from account holders of ING with the captured login details. According to the bank, the man had caused EUR 28,044.43 in material damage in just five months. The judge did not agree.
In addition, the court finds it legally and convincingly proven that the man used illegal software to send phishing messages. Between August last year and January this year, he used the AB Bulk Mailer and DRPU Bulk SMS Professional programs. The former program is used for sending large numbers of e-mails. The second program is designed to send text messages in large quantities.
By means of “crafty tricks and through a fabric of fictions”, the man managed to convince his victims to transfer money to a so-called ‘secure account’, or to steal their bank login details.
The public prosecutor demanded that the suspect pay a fine of 10,000 euros and a prison sentence of three years, of which one year is probation with two years’ probation. Given the seriousness of the crimes, the court decided to impose a heavier sentence.
“Furthermore, the suspect’s actions undermined the victims’ confidence in the payment system and banking system. When consumers in general no longer have confidence in the payment system and banking system, there is a risk of serious disruption of social and economic traffic,” the court of Utrecht wrote in its judgment.
We also read the following: “The victims have also made several essential personal and bank data available, with the result that they will not know whether and to whom this data has been distributed. Defendant has shown no respect for the property and privacy of others. The suspect was apparently only driven by his own financial gain and was not concerned with the consequences for the victims or other consequences for society in general.”
The judge sentenced the accused to three years in prison. The time he has been in custody is deducted. In addition, the man must pay ING an amount of 26,898.76 euros in compensation. On top of that amount, he must pay the statutory interest, calculated from August 21, 2020. Finally, the suspect was also given a suspended prison sentence of three weeks in another case.
Catch up on more articles here
Follow us on Twitter here