LabHost Phishing Mastermind Sentenced to 8.5 Years
A Huddersfield man has been handed an eight-and-a-half-year sentence for masterminding what became one of the world’s largest phishing-as-a-service (PhaaS) platforms.
Zak Coyne, 23, of Woodbine Road, Huddersfield, was sentenced in Manchester Crown Court on Monday after admitting his crimes in September 2024. These included: making or supplying articles for use in frauds; encouraging or assisting the commission of an offense believing it would be committed; and transferring criminal property.
According to the Metropolitan Police, Coyne’s website, LabHost, was used by over 2000 fraudsters to create phishing sites designed to trick victims into handing over their personal and financial information and log-ins.
In operation from 2021 to 2024, LabHost charged would-be phishers a membership fee, which provided them with access to pre-built phishing templates or the ability to request bespoke pages spoofing trusted brands including banks, healthcare providers and postal services.
Read more on phishing-as-a-service: Morphing Meerkat PhaaS Platform Spoofs 100+ Brands
Thomas Short, specialist prosecutor for the Crown Prosecution Service (CPS), claimed that the platform enabled mass global fraud campaigns “resulting in losses totalling more than £100m.”
That’s 100 times more than was originally reported by the Met, which last year claimed the platform was responsible for 40,000 phishing sites, 70,000 UK victims, and the theft of 480,000 card numbers, 64,000 PIN numbers and over one million passwords.
LabHost was finally taken down in April 2024 after a coordinated operation from the Met’s Cyber Crime Unit, the National Crime Agency (NCA), Microsoft, Europol and other partners.
That month, the Met arrested 24 suspects, many of whom were LabHost users, and searched over 70 addresses.
“The outcome of this case demonstrates the unwavering commitment of the Met in pursuing individuals like Coyne who mastermind a network of fraudulent activity, which ultimately brings misery to thousands of innocent people,” said commander Stephen Clayman, head of the Met’s Central Specialist Crime team.
“This also demonstrates the commitment across law enforcement to identify and hold those to account who facilitate criminal enabling functions and think they can remain undetected. We will find you and take action.”
Phishing Fuels Fraud
However, the reality is that the advantage still lies with the perpetrators of phishing and other digital fraud-related threats, who remain largely anonymous.
Fraud is now the most common crime type in the UK, with four-fifths being cyber-enabled.
The government’s fraud prevention strategy, which is still being finalized, is set to revolve around the use of emerging technologies, more process automation to free up investigators, improved data sharing and international cooperation.
