UK: Gang jailed in £1m Next Directory scam

Sapphire's Strike

Staff member
£1m Next Directory scam: Gang jailed for selling and using customers' account details
By SuzyGibson | Posted: January 16, 2017

Five fraudsters have been jailed for using and selling the details of hacked accounts belonging to hundreds of genuine Next Directory customers.

The information, obtained from the part of the internet which is hidden from search engines, netted the users tens of thousands of pounds worth of goods from the Leicestershire clothing and homewares giant.

People who bought goods using the illegally obtained information were then encouraged to post pictures of their "spoils" online to "advertise and promote" the fraud, Leicester Crown Court heard.

Matthew Lowe, prosecuting, said the scam was perpetrated across the UK against the company, whose headquarters are in Enderby.

The scam involved the sourcing of log-in details for legitimate mail order accounts from websites hidden from 'normal' internet users.

The details were sold on to other fraudsters, via Facebook closed groups, to be used for illegal gain.

The amount of available credit on 280 affected accounts was almost one million pounds, although the value of the transactions attempted was £239,681, and the actual amount of goods fraudulently obtained was £64,000.

The two women and three men pleaded guilty to conspiring together and with unknown others to defraud Next Plc, by obtaining and providing customer account log-in details which were advertised for sale, via Facebook, purchasing the log-in details, accessing customer accounts, changing client contact details and placing orders for items via the hijacked accounts, between October 2015 and April 2016.

The fraudsters would collect the items rather than having them delivered - often using bogus proof of identity documents, such as forged utility bills.

The court was told the details were not leaked or stolen from the Next organisation, whose security system was not infiltrated, but were obtained by internet banking fraud, and other internet fraud.

The case has prompted the police to warn internet users not to use the same passwords for different types of accounts.

Read more here: