“As he was going back home, he thought that this is an easy way to make money. Opportunity makes the thief.” The events he described occurred in May 2022.
Geiger revealed that the teenager stumbled on the critical vulnerability by chance as he was logging into the account of a relative at their request but entered the wrong authentication code, granting him access to the account of another client. After informing the so-called supermarket bank of the vulnerability, he went on a crime spree with a grown-up he recruited to help him set up accounts. The duo transferred funds to online casinos using an overseas payment service before transferring the winnings to their accounts.
They also used the illicitly obtained money to travel, buy drugs and luxury items and pay off the debts of relatives. Later they applied for loans worth up to 60,000 euros using mobile authentication and income and occupational details found on the online bank accounts. Clients of S Bank are estimated to have lost about 1.
3 million euros in the series of frauds. Police managed to cancel one 500,000-euro transfer, while the rest of the losses were compensated for by S Bank. Police have received 231 criminal complaints linked to the events, including 71 from people who lost funds from their accounts at S Bank.
The two perpetrators are also believed to have accessed the accounts of 149 other people, but – for reasons unknown to investigators – opted not to make any transactions. The duo are suspected .