Alex Wood

Reformed Fraudster, Motivational Speaker and Government / Banking Advisor

Pre-event interview

This is a pre-event interview in the run-up to the Leaders in Finance Cyber Security Event 2025 on 22 May.

Jeroen: Alex Wood, thanks a lot for taking the time in the run-up to the Leaders in Finance Cyber Security Event on May 22nd 2025.

Alex: Absolute pleasure, and thanks for inviting me. I’m really looking forward to it.

Jeroen: Great! It might be difficult, but could you briefly introduce yourself and share a bit about what you’re currently doing?

Alex: Yes, so this might shock a lot of people hearing it for the first time, but I’m a reformed hyper-prolific fraudster. That’s the legal definition in the UK for someone with dozens of offenses they have been convicted for. Between the ages of 24 and 36, I committed some of the most highly damaging and high-profile financial offences in recent criminal history. To my mother’s horror, a lot of that ended up all over the front pages.
I didn’t start my life as a criminal—I was a child prodigy on the violin and had a successful career performing worldwide. But in my mid-twenties, I developed a repetitive strain injury in my wrist, and my music career came to a sudden halt, leaving me without an income. That was the trigger for my first financial crime, which led to my first prison sentence. It was a basic, blunt fraud that the police unraveled in a matter of hours.
In prison, I met more serious fraudsters and ended up forming conspiracies for future financial crimes. I was alongside individuals convicted of some of the biggest frauds ever. One of them, Achilleas Kallakis, stole £760 million from Allied Irish Bank and used it to acquire swathes of real estate in central London. Another was Giovanni Di Stefano, known on Netflix as the Devil’s Advocate, who claimed to be a solicitor and represented figures like Saddam Hussein and Gaddafi—until it turned out he had never qualified as a lawyer. So I was in prison with very committed and dishonest individuals and I sharpened my tools and went on to commit more serious offences.
My second prison sentence resulted from convincing multiple five-star hotels in central London that I was the 13th Duke of Marlborough. Of course, I am not the 13th Duke of Marlborough, but this demonstrates the extent of the social engineering I deployed. My final conviction was for a massive authorised push payment (APP) fraud, worth multiple millions of pounds. I posed as a representative from NatWest or Barclays, calling UK businesses and persuading them to transfer millions into accounts I controlled.
During my sentencing, I decided enough was enough. The turning point came when the judge read a victim impact statement from a director of a company I had stolen £1.3 million from in about an hour. The director logged into his bank the next day, saw the money was gone, and realized I hadn’t been calling from the bank. He had 40 employees to pay but couldn’t, and he suffered a stroke. He became very ill as a result of what I’d done.
Fraudsters always say that fraud is a victimless crime. They argue that the bank will refund the victim, so no real harm is done. They justify their actions by saying, “It’s not like you’re leaving someone bleeding in the street.” But then I faced the truth. I had called this man, stolen his money, and wasted it on luxury. He suffered a stroke. Though the bank eventually reimbursed him, it took six months of stressful litigation. Not long after, my dad had a heart attack and I blamed myself. I had caused him a huge amount of anguish, going back to prison again. That was the moment I decided to walk away from fraud and use my knowledge of social engineering and the fraud mindset and dishonest techniques to help the counter fraud community.
Today, I consult for tier-one banks and UK government departments, including the Home Office, Cabinet Office, and Foreign Office. I work with police forces to raise awareness of issues like mule accounts and educate young people about the risks of getting involved in illegal activities. A significant part of my work involves speaking at events like this, engaging with senior finance leaders to provide insights. When organisations tell their staff, “Try to think like a fraudster,” the reality is that unless you’ve been one, it’s incredibly difficult. Fraudsters operate on a completely different moral spectrum, always looking for new ways to deceive. Fortunately, my talks resonate, and people find them valuable. I’ve moved from the dark side to the light, and my goal is to continue supporting the counter fraud profession.

Jeroen: Apart from the things you described that made you change your life—essentially making a 180-degree turn—would you say your life is much better now compared to when you were a fraudster? I imagine that lifestyle was also quite exciting.

Alex: Yes, there was certainly an adrenaline rush from committing crime. I loved having huge sums of money around me, driving a Bentley, and flying everywhere in a helicopter. But I was always looking over my shoulder. I constantly felt that people were watching me—when I took out a huge bundle of £50 notes, they probably assumed I was a drug dealer or something. My lifestyle now is nothing like that, but it’s legitimate. I don’t have to worry about being arrested or putting my family under stress. I’m able to earn a reasonable living because organisations are willing to pay for me to share my expertise. It’s an honest, decent living, and I won’t be going back to prison.
There’s a study by Shad Maruna on why career criminals stop offending. He found a clear link between desistance and maturity over time. As I’ve grown older and matured, reflecting on my life and what kind of legacy I want to leave behind, it’s clear to me that it’s time to leave that past behind. So yes, my life is very different now, but I truly enjoy it. I’m always humbled to be welcomed into institutions that I once defrauded. Some of the banks in London that I targeted the most now pay me to help them improve their security. It’s such an honour to be trusted by the industry in that way.

Jeroen: I can imagine. Especially earning their trust again—that must be incredibly meaningful to you. At this event, we’ve gathered the cybersecurity community for financial services, including many Chief Information and Security Officers. Is there anything specific you’ll be addressing related to cybersecurity?

Alex: I was recently advising Binance in the wake of the Bybit hack, which resulted in a massive loss of about 1.4 billion dollars, of which around a quarter has now been successfully laundered. We believe that the Lazarus Group was behind the hack, and the funds have likely been used to finance North Korea’s nuclear missile program. The damage was enormous.
When we began to really delve into the situation, I was advising Binance because they were concerned they might face similar risks. It was crucial for us to gain a deep understanding of what happened at Bybit. It’s astonishing how the hack was actually set up through social engineering. We tend to think of cyberattacks as just some tech geeks sitting in a shelter somewhere, sending out thousands of emails and viruses around the world. But in this case, the groundwork was done through traditional social engineering.
We see it a lot with cyber attacks in general, that there is an element of social engineering. Now, I consider myself to be the world’s best social engineer. I could cast a kind of black magic over anyone I spoke to, convincing people who had been trained to spot individuals like me and protect their company’s assets to transfer every penny from their account, after spending an hour on the phone with them.
Another organization I advise in the UK is the NHS (National Health Service). For the last three years, they’ve faced very serious cyber threats. They were hit by the WannaCry ransomware attack back in 2017. The blood database was hacked last year, and in 2023, several local ambulance trusts were hacked, with systems being locked down and huge ransom demands made. In each of these cases, the vulnerability was a third-party supplier. The NHS, despite having resilient cybersecurity internally, is exposed to risks through its third-party suppliers. These suppliers don’t always have the same security protocols or processes as the NHS. There’s an important point here about the need for equal security and standards when partnering with suppliers. The NHS, like any organization, is only as strong as its weakest link within its third-party structures.

Jeroen: That’s great. I don’t want you to reveal everything you’ll share at the event, so let’s not go too deep—though I’m tempted to ask more. Let me ask a final question. Our audience, who will also read this interview, includes professionals from financial services—insurers, bankers, asset managers, fintechs, and others. If you were the cybersecurity officer at a major financial institution, what would be the first thing you would do?

Alex: So if I were to step into a large organisation as a CSO, the first thing I’d need to understand is what risks are currently sitting in the infrastructure that we don’t know about. On a technical level, I’d probably introduce something like a kernel-level filter, putting it in learning mode to get a clear picture of what’s already on all our endpoints.
If we can understand what’s already there, it makes a huge difference. Interestingly, this exact exercise was recently carried out at Sellafield nuclear power station in the UK. When they did a granular zero-trust kernel-level analysis, they found Chinese malware sitting on multiple endpoints within the nuclear plant. The risk that poses doesn’t even need to be spelled out. The reality is, we don’t know where Russian, Chinese, or North Korean malware might already be lurking in critical national infrastructure. It’s an incredibly dangerous risk landscape.
So before jumping into new security measures, the first step is understanding exactly where you stand. You need to be in learning mode for a few weeks to fully grasp the current risks—and ideally, weed them out. I think zero-trust principles are crucial. The default position should be to trust absolutely no website, then gradually build up a list of those that are safe.
In large organisations, it’s also really important that the CSO doesn’t have full control. There should be a very close partnership between the CEO and the CSO—you’d hope they’re practically best friends. Ideally, if everything is working properly, the CSO will know everything the CEO is doing. That’s how it should be. CSOs need a prominent role in the organisation, with full visibility into everything that’s going on.

Jeroen: Alex, thank you so much for taking the time to speak with me and with Leaders in Finance. This pre-event interview will be published in the run-up to the Leaders in Finance Cyber Security event on May 22, 2025. We’re very much looking forward to having you there, and I’m personally really looking forward to meeting you in person. So, thanks again for your time, Alex.

Alex: Thank you so much, Jeroen. I am really grateful and look forward to it.
