Source: Crown Prosecution Service
A Bulgarian phishing expert who created website scripts designed to look just like the real websites of legitimate companies to help criminals defraud victims out of an estimated £41.6 million has been jailed for nine years.
Svetoslav Donchev, 37, was extradited to the UK to face the online scamming fraud charges, and pleaded guilty to five offences at Southwark Crown Court today (Friday, 20 September).
Donchev created website scripts which were designed to look like the real websites of legitimate companies. However, they would be hosted on another server in the control of a cybercriminal who would then lure victims to it by sending ‘phishing’ emails suggesting that accounts needed to be verified or that victims were due a refund.
When the victim then completed the forms by inputting their personal financial information, the details were either logged or sent by email to the cybercriminal who would then use these for fraud or to sell them on the dark web. Donchev also provided them with software that disguised their phishing sites from being identified as ‘risky’ by web browsers.
Police investigators were led to Donchev when they discovered an email address in computer files of convicted cyber hacker Grant West. When he was arrested in his home in Pleven, Bulgaria, where he lived with his parents, Bulgarian and Metropolitan Police investigators found folders on his computer revealing the extent of his criminal activities.
They established that he had created website scripts for up to 53 UK based companies, or companies with a UK footprint. They estimated there were a potential half a million victims as a result of his criminal activity.
Sarah Jennings, CPS prosecutor, said: “Donchev’s criminal activity facilitated the compromise of hundreds of thousands of victims’ personal details and banking credentials by the theft of their personal banking details. Phishing scams cause enormous stress, upset, inconvenience and loss to users and customers of websites. They also result in huge losses to the organisations and companies affected.
“Donchev would not steal the bank details himself. He would supply the tools for others to do so. He may have felt removed from the scams themselves, but the thorough police investigation and this successful prosecution shows that we will track down all those involved in online scams, extradite them if they are abroad, and put them before the UK courts.”