Met brings leader of fraud platform to justice  

A massive worldwide operation led by the Met has seen a prolific cyber-criminal sent to prison for eight-and-a-half years.

Zak Coyne, 23 (22.02.01) of Woodbine Road, Huddersfield, was sentenced for leading a website used by more than 2,000 criminals to defraud victims all over the world.

The LabHost service was set up by a criminal cyber network in 2021 to create “phishing” websites, designed to trick victims into revealing personal data such as email addresses, passwords and bank details. 

For a membership fee, users could log on and choose from existing sites or request bespoke pages replicating trusted brands including banks, healthcare agencies and postal services.   

The platform was brought down in April 2024 after the Met’s Cyber Crime Unit gathered crucial intelligence and joined forces with partners across the country, including the National Crime Agency and Microsoft.

In the same month, the Met arrested 24 suspects, targeting the most prolific offenders within the LabHost service, while over 70 addresses were searched.   

As part of the Met’s duty of care, officers safeguarded victims by establishing a helpline, directing people to protected advice on the Met website, and securing compromised accounts.

Specially trained officers offered personalised advice, including how to further protect victims' data, and ensuring every case was reported to both Action Fraud and UK Finance.   

Coyne admitted his crimes at Manchester Crown Court on Wednesday, 18 September. These included: making or supplying articles for use in frauds; encouraging or assisting the commission of an offence believing it would be committed; and transferring criminal property.

He was sentenced at Manchester Crown Court on Monday, 14 April.

Commander Stephen Clayman, Head of the Met's Central Specialist Crime team, said: 

“The outcome of this case demonstrates the unwavering commitment of the Met in pursuing individuals like Coyne who mastermind a network of fraudulent activity, which ultimately brings misery to thousands of innocent people.

“This also demonstrates the commitment across law enforcement to identify and hold those to account who facilitate criminal enabling functions and think they can remain undetected. We will find you and take action.

“This has been monumental operation lead by the Met and I would like to thank all the partners - including the NCA, City of London Police and Cyber Defence Alliance - involved for their invaluable input and without whom, this would not have been a success.

“We will continue to work across law enforcement and key stakeholders, including international partners, to ensure that the Met contributes to the ongoing system response to cyber-related fraud."

Thomas Short, Specialist Prosecutor for the Crown Prosecution Service, said:

“Zak Coyne operated a phishing service that provided fraudsters with the tools to impersonate trusted institutions and steal sensitive information from unsuspecting victims.

“This was a sophisticated worldwide criminal enterprise which enabled others to perpetrate fraud on a massive scale, resulting in losses totalling more than £100 million.

“Fraud is far from a victimless crime and the harm caused by Coyne’s offending are measured not just in monetary terms, but also in the distress inflicted on countless victims who fell prey to these scams.

“This was a complex case, but the prosecution team, together with law enforcement partners, was able to unravel an intricate web of digital evidence which linked Coyne to the offending and build a strong case against him, resulting in his guilty pleas.”

Craig Rice, CEO Cyber Defence Alliance, said:    

“This is an excellent International law enforcement operation, supported by the Cyber Defence Alliance and other private industry partners, to disrupt and arrest criminal services providers.

“These Cybercrime-As-A-Service platforms enable thousands of other fraudsters to conduct online frauds that impacts bank and retail customers across the UK.

“Law enforcement working with industry makes for a formidable alliance that will disrupt such criminal networks”.

Steven Masada, Assistant General Counsel, Microsoft's Digital Crimes Unit, said:

"We commend the Met and their collaborative efforts against the leaders of the prolific cybercrime-as-a-service provider, LabHost.

“While in operation, LabHost provided services to scammers and other cybercriminals that targeted Microsoft customers and harmed users online.

“The dismantling of LabHost disrupted the activities of countless online actors, protecting an untold number of potential victims worldwide.

“Microsoft will continue to collaborate with the public and private sector to protect individuals and help provide evidence that brings perpetrators of cybercrime to justice."

Adrian Searle, Director of the National Economic Crime Centre, within the National Crime Agency, said:

“Fraud is the crime we are all most likely to experience, and it causes victims long-lasting emotional and psychological harm, in addition to financial loss.

“Criminals are using current and emerging technologies to commit fraud on an industrial scale.

“The takedown of LabHost by the Met demonstrates what law enforcement can achieve when we work together to tackle this rapidly evolving, and complex, threat.

"In this operation and similar, we are undermining the fraudsters' trust in the criminal services they are accessing online, and showing that providing and using them comes with consequences."

Edvardas Šileris, Head of Europol’s European Cybercrime Centre (EC3), said:

“The dismantling of LabHost is a clear example of the impact that cross-border cooperation has on combatting cybercrime.

“By leveraging the collective expertise of our law enforcement partners, Europol’s European Cybercrime Centre (EC3) has helped disrupt a major phishing-as-a-service platform, safeguarding victims and making it harder for criminals to operate with impunity.

“This operation highlights the critical importance of international collaboration in confronting the evolving threat posed by cybercriminals.

“We congratulate all partners involved for their hard work and commitment to bringing these criminals to justice.”

To avoid becoming a victim of online crime you don’t need to be a computer expert. Developing a few good online habits drastically reduces your chances of becoming a victim of cyber crime, makes you less vulnerable and lets you use the web safely.

Visit Cyber Aware for step-by-step instructions on keeping your devices up-to-date with the latest security updates, and for more online security advice.

Be careful when opening emails and texts, especially if you don't know the sender. If an email or text is unexpected or seems unusual, even if it’s from someone you know, ignore it and contact the sender directly to check if they sent it.

Your bank, the police and reputable companies will never ask for sensitive or financial details via email, phone or text.

The Met has issued ten golden rules to help people protect themselves from fraud:    

1. Be suspicious of all ‘too good to be true’ offers and deals. There are no guaranteed get-rich-quick schemes. 

1. Don’t agree to offers or deals immediately. Insist on time to get independent or legal advice before making a decision. 

1. Don’t hand over money or sign anything until you’ve checked someone’s credentials and their company’s. 

1. Never send money to anyone you don’t know or trust, whether in the UK or abroad, or use methods of payment you’re not comfortable with. 

1. Never give banking or personal details to anyone you don’t know or trust. This information is valuable so make sure you protect it. 

1. Always log on to a website directly rather than clicking on links in an email. 

1. Don’t just rely on glowing testimonials. Find solid, independent evidence of a company’s success. 

1. Always get independent or legal advice if an offer involves money, time or commitment. 

1. If you spot a scam or have been scammed, report it and get help. 

1. Don’t be embarrassed about reporting a scam. Because the scammers are cunning and clever there’s no shame in being deceived. By reporting it, you'll make it more difficult for them to deceive others.    

If you think you have been a victim of fraud, contact your bank immediately and report to Action Fraud at actionfraud.police.uk or call 0300 123 2040. 

Remember that if you’re a victim of a scam or an attempted scam, however minor, there may be hundreds or thousands of others in a similar position. Your information may form part of one big jigsaw and be vital to completing the picture.