Final member of £1.5 million 'student loan' phishing gang gets prison

August 2011 attacker pleaded gulty

The final member of a Manchester-based phishing gang that stole £1.5 million ($2.5 million) from UK students by setting up a bogus facsimile of the UK Student Loans Company (SLC) has been sentenced to three years and nine months in prison.

According to police, 29 year-old Nigerian national Olajide Onikoyi was a lynchpin in the August 2011 attack during which the gang sent convincing emails asking students to update their financial details on the bogus website, netting up to 1,300 victims in a matter of days.

The total stolen has since been revised upwards to around £1.5 million, mostly a few thousand per victim, although police said one individual lost £19,000. After examining Onikoyi's PC, police discovered that he'd conspired with crime forum members from Russia and Lithuania to understand how to carry out such attacks.

After being arrested in January 2013, Onikoyi eventually pleaded guilty to being involved in conspiracy to defraud financial institutions of £393,000 as the money's subsequent laundering.

From the start, the case has been one of the most complicated and long-running ever conducted by UK police against domestic phishing scammers.

Three other members of the gang have already been handed prison sentences for a variety of charges; Damola Clement Olatunji in July 2012 for three years and six months, Christopher Inokwere in February 2013 for three years and six months and, last week, Ruth Smith-Ajala for five years.

"My officers worked doggedly to secure Onikoyi's conviction. They examined numerous leads to identify members of this phishing gang, of which Onikoyi was a key member," commented detective chief inspector Jason Tunn, of the National Crime Agency's National Cyber Crime Unit (formerly the MPS Police Central e-Crime Unit).

"He played a significant role in the scam by systematically targeting British students and UK financial institutions in order to steal large amounts of money that were then dispersed across numerous bank accounts.

"We've had a number of bank accounts and properties connected to Onikoyi restrained under the Proceeds of Crime Act. This is now subject to a financial investigation," said Tunn.

The lesson from this infamous attack is probably its incredible simplicity. Actually targeting and defrauding victims was the simple part of the story with the laundering of stolen money the element that required planning. In this case at least, the second part of the fraud, which left a trail of evidence, proved the gang's ultimate undoing.

Other notable UK phishing attacks have included last week's arrest of an alleged gang accused of stealing £1 million from UK bank account holders, and a separate Nigerian gang that stole £1 million in life savings from a single woman in late 2011.

Earlier this year, Kaspersky Lab estimated that UK users were being subjected to around 3,000 attempted phishing attacks every day.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal Techsecuritythree

More about KasperskyKaspersky

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts