LONDON, UK – Wednesday, May 6, 2026 – Ollie Holman, a 21-year-old former university student from Eastcote, West London, has been sentenced to seven years in prison for his role in creating and distributing sophisticated phishing kits that facilitated at least £100 million in global fraud. The sentencing, handed down at Southwark Crown Court, marks a significant victory for law enforcement in the ongoing battle against cybercrime.
Holman, an electronic and computer engineering student at the University of Kent, developed and sold over a thousand specialized phishing kits designed to mimic the legitimate websites of dozens of banks, charities, and government organizations. These fraudulent pages were equipped with scripts to harvest sensitive personal and financial information, including account login details and bank credentials, from unsuspecting victims worldwide.
The Charges Against Ollie Holman
Holman pleaded guilty to seven serious charges, reflecting the breadth and impact of his criminal enterprise. These included encouraging or assisting the commission of one or more offenses, believing one or more would be committed; two counts of making or supplying articles for use in fraud; transferring criminal property; acquiring criminal property; and two counts of possessing criminal property. The charges underscore the deliberate and extensive nature of his operations.
His scheme, which ran between 2021 and 2023, involved not only the creation but also the active distribution of these kits and the provision of technical support and custom-made panels to other fraudsters via the encrypted messaging service Telegram. This comprehensive support network amplified the reach and effectiveness of his illicit tools.
Scale of the Crime: A Global Web of Deception
The scale of Holman’s operation is staggering. He was responsible for the creation and supply of 1,052 unique phishing kits, which targeted 69 financial institutions and large organizations, including prominent charities, across 24 countries. While Holman personally profited an estimated £300,000 from selling these kits, the total fraud losses directly linked to his actions are conservatively estimated to be at least £100 million globally.
“Ollie Holman’s case highlights the devastating impact that highly organized cybercrime can have on individuals and institutions worldwide. His actions demonstrate a sophisticated understanding of digital vulnerabilities and a callous disregard for the financial and emotional well-being of countless victims.”
In one particularly egregious instance, a single kit was connected to a fraud amounting to approximately €1 million (around £870,000). Holman diligently laundered his proceeds through various cryptocurrency wallets, attempting to obscure the trail of his ill-gotten gains.
Who Is Ollie Holman? From Student to Cybercriminal
At the time of his sentencing, Ollie Holman was just 21 years old, a British national pursuing a degree in electronic and computer engineering. His academic background provided him with the technical prowess to develop the sophisticated tools used in his scheme. He operated independently, leveraging online platforms to connect with other fraudsters and distribute his kits, transforming his technical skills into a lucrative criminal enterprise.
Investigation Details: Unraveling the Digital Footprint
The investigation into Ollie Holman was spearheaded by the City of London Police’s Dedicated Card and Payment Crime Unit (DCPCU), a specialist unit funded by the banking and cards industry. The initial breakthrough came from intelligence provided by WMC Global, an intelligence firm specializing in online fraud. This crucial tip-off led the DCPCU to uncover the fraudulent kits being sold online.
The probe quickly expanded into an international operation, dubbed Op Phishoff, with critical support from international partners in Switzerland (the Office of the Attorney General of Switzerland and the Federal Office of Police) and Finland, alongside Europol. Detectives meticulously traced Holman’s digital footprint, discovering the kits on his computer and linking him to their creation through his unique “digital fingerprints.”
Holman was first arrested in October 2023 at his university accommodation in Canterbury, where his devices were seized. However, his criminal activities persisted; he continued to provide support for his phishing kits via his Telegram channel. This led to a second arrest at his home address on May 20, 2024, where further devices were confiscated. Facing overwhelming evidence, Holman pleaded guilty at Southwark Crown Court on August 16, 2024, leading to his sentencing on July 23, 2025.
What Happens Next: Confiscation and Prevention
Beyond his seven-year prison sentence, Ollie Holman has also been issued a Serious Crime Prevention Order, designed to restrict his future activities and prevent him from engaging in similar offenses upon his release. The Crown Prosecution Service (CPS) Proceeds of Crime Division is now actively pursuing confiscation proceedings against Holman to recover his illicit gains, aiming to strip him of the £300,000 he acquired from his criminal enterprise.
This case serves as a stark reminder of the persistent threat posed by cybercriminals and the global effort required to combat them. For more insights into ongoing efforts to combat financial crime, explore related fraud investigations.
Protecting Yourself: Recognizing the Red Flags
The widespread nature of Holman’s fraud highlights the critical need for vigilance among consumers. Phishing attempts often begin with suspicious, unsolicited emails or messages containing links to fake websites. Always scrutinize website addresses for slight discrepancies, even minor misspellings. Legitimate organizations rarely request sensitive personal or financial information via email or unsecure links. Be wary of any site lacking HTTPS encryption or a padlock icon in the browser bar. Phishing scams frequently create a sense of urgency or offer enticing, too-good-to-be-true deals to pressure victims into quick action. Always verify requests for information directly with the organization through official channels, rather than clicking on links in suspicious messages. Staying informed and cautious is your best defense against sophisticated cybercriminals like Ollie Holman.




