SINGAPORE: An air force regular was on Wednesday (May 15) sentenced to 11 months’ jail for phishing women’s social media login details to get intimate images of them.
K Eshwaran, 26, pleaded guilty to 10 charges under the Computer Misuse Act. Another 21 charges were considered for sentencing.
From 2019 to 2023, he sent phishing links to 22 victims to get login credentials for their social media, cloud server and email accounts.
Eshwaran targeted victims whom he knew in real life, or victims whose intimate images had been posted to an adult forum, prosecutors said.
The identities of all his victims were protected by court order, which the prosecution requested given the sexual element of his offences.
Posing as a “helpful netizen”, Eshwaran would send phishing links to victims with a message saying that their intimate images had been posted online, prosecutors said.
He would include a screenshot with a sexual caption, usually taken from a pornographic website, which purported to be a screenshot of the victim’s intimate image posted online.
In some cases, he used a website to generate possible login credentials based on a victim’s social media details that he had, and then used trial and error to access their accounts.
Once inside the accounts, he would trawl through them to see if the victims had stored any intimate images of themselves, which he wanted for his own sexual gratification.
In the case of one female victim, Eshwaran knew she had done modelling shoots where she was partially dressed or in lingerie, and wanted access to those photos.
More than once, he also gained unauthorised access to men’s social media accounts. He would then impersonate the account holder and contact women whom he thought had an intimate relationship with the man to ask for intimate photos.
Eshwaran continued to reoffend in 2023, even when he was out on bail and already under investigation for his earlier phishing attacks.
In January that year, he gained unauthorised access to the Instagram and Snapchat accounts of his victim, a woman in her early 20s.
After finding her intimate images in her Snapchat account, he continued to send her phishing links to gain login credentials to her other online accounts.
In this and other cases, the internet protocol address used in the unauthorised access of the accounts was traced to Eshwaran’s home.
His victims also made police reports after realising they were being phished or that their accounts had been hacked.
The prosecution sought 11 to 16 months’ jail. Deputy Public Prosecutor Joshua Phang argued that Eshwaran’s offences were premeditated and sophisticated.
The offences required the ability to use phishing tools that are not generally known to the public, and were difficult to detect, said Mr Phang.
Defence lawyer Mervyn Tan of Anthony Law Corporation said that Eshwaran was a first-time offender and that his crimes were “an act of mischief, malicious though it may be”.
He told the court that Eshwaran was a regular serving as an engineer in the Republic of Singapore Air Force.
Mr Tan said Eshwaran was likely to suffer professional consequences as a result of his offences, and asked District Judge Wong Peck to take this into account as a mitigating factor.
He also said that Eshwaran’s family had “come together” after his offences, and that his parents had “taken him to task”.
The judge agreed with the prosecution’s sentencing position and said there were far more aggravating than mitigating factors in Eshwaran’s conduct.
Eshwaran will start serving his sentence on Jun 19 after the judge granted his request for a deferral.
Mr Tan told the court that Eshwaran’s wife had just given birth in early May, and he needed the time to settle personal matters and help her with confinement.
CNA has contacted the Ministry of Defence for information on Eshwaran’s employment and whether he faces any disciplinary measures.
