It was a Saturday night in May 2024, and a slight 21-year-old student was behind the decks at Club Chemistry, a nightclub in Canterbury. Ollie Holman studied computer science at the University of Kent, but for a few hours, that didn’t matter: the room was full, and the crowd was ecstatic. Holman grinned while he danced along with them.
The next day, Holman posted a few clips from the night on Instagram. “Many of these to come 👊🏻👊🏻,” he wrote in one caption.
Unbeknown to his friends, fans, and even himself, that would be his last night out for a while. Just a month later, Holman was arrested. The student DJ, a court would soon hear, was in fact the architect of one of the most ambitious phishing operations ever prosecuted in Britain.
Last year, Holman was found guilty of orchestrating a network that made £100 million in stolen funds from victims in 24 countries, across 69 financial institutions, including major banks, public bodies and charities. The investigation involved police forces across Europe. In the end, Holman was sentenced to seven years in prison.
For his friends and family, the revelation was bewildering. How had he managed to facilitate fraud on that scale? What had drawn him into it? And how, exactly, does a £100 million fraud operation work?
Over the past months, I’ve spoken to people who knew Holman at university, as well as members of his family. I’ve also accessed the Telegram channels that formed the backbone of the operation itself.
What emerges is not just a story of technical ingenuity and criminal nerve, but of recklessness and addiction. The question is not only how Ollie Holman pulled it off — but why.
Every phishing scam follows a basic choreography. First comes the bait, appearing in your email or SMS inbox: a warning about suspicious activity on your bank account, a cut-price Netflix offer, a request to “verify” your tax details. It’s designed to trigger mild panic or mild greed, just enough to prompt a click.
Register for free to read this article.