Police in the Netherlands are set to email 20,000 possible fraud victims urging them to change their account details, after discovering their credentials had been stolen by a man arrested last year on suspicion of multiple cybercrime offences.
Police revealed the arrest of the 35-year-old man last October. He was cuffed on suspicion of hacking, fraud and identity theft after he allegedly posed as a webmaster to siphon off users’ online credentials.
Police claim the Leeuwarden resident worked at various companies as a website builder, inserting a special script into backend code which enabled him to steal user names and passwords.
With those, he was then able to break into the associated email and social media accounts, commit identity fraud by buying goods online in the name of others, and even persuade family members of those he pretended to be to send money to him.
He also used his victims’ identities to gamble online, a police statement noted.
It’s still unclear exactly how much money he made from the alleged crimes, but as of October last year there were 140 cases currently open in the investigation.
The cops also claimed he had deposited and then spent much of the money via “anonymous credit cards” – which will make their task even harder. In fact, in the latest update they said some of the crimes will be impossible to trace.
Dutch police urged users never to download files from emails if they don’t know the sender; to use different passwords for different sites; and to use strong passwords and change them regularly.
They also warned companies only to do business “with reputable website builders”, and to double check any resulting code with a third party.