Cybercriminal 'Tylerb' Admits Role in Major Phishing Scheme: Key Questions Answered
In a significant development for cybersecurity, a key member of the notorious cybercrime group Scattered Spider has pleaded guilty to charges of wire fraud conspiracy and aggravated identity theft. This case highlights the sophisticated social engineering tactics used by cybercriminals to breach major tech companies and steal cryptocurrency. Below, we answer the most pressing questions about Tyler Buchanan (alias 'Tylerb'), his crimes, and the implications for online security.
Who is Tyler Buchanan, and what was his role in Scattered Spider?
Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, was a senior member of the cybercrime group Scattered Spider. Operating under the hacker handle Tylerb, he was once listed on a leaderboard that tracked the most accomplished cyber thieves in the English-speaking criminal hacking scene. Buchanan's guilty plea confirms his involvement in orchestrating text-message phishing attacks during the summer of 2022. These attacks targeted at least a dozen major technology companies, including Twilio, LastPass, DoorDash, and Mailchimp. The group's ultimate goal was to steal cryptocurrency from individual investors. Buchanan now faces over 20 years in prison after being taken into U.S. custody.
What is Scattered Spider, and how does the group operate?
Scattered Spider is a prolific English-speaking cybercrime ring known for relying on social engineering to infiltrate organizations. Their primary tactic involves impersonating employees or contractors to trick IT help desks into granting access to internal systems. Once inside, they steal sensitive data for ransom. The group gained notoriety for a ransomware attack on Marks & Spencer, a major U.K. retail chain, in 2024. Unlike many cybercriminal groups that use sophisticated malware, Scattered Spider's methods are often low-tech but highly effective, exploiting human trust rather than technical vulnerabilities. Buchanan's role was central to their operations, as he coordinated the phishing campaigns that provided initial entry points.
What specific phishing attacks did Buchanan orchestrate?
Buchanan admitted to conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022. These attacks targeted employees of technology companies with text messages that appeared legitimate, tricking recipients into disclosing login credentials or clicking malicious links. The breaches affected high-profile firms like Twilio, LastPass, DoorDash, and Mailchimp. Once inside, the group used stolen credentials to navigate corporate networks, exfiltrate data, and carry out subsequent SIM-swapping attacks. The U.S. Justice Department confirmed that Buchanan stole at least $8 million in virtual currency from individual victims across the United States.
How did SIM-swapping factor into the scheme, and why is it dangerous?
SIM-swapping is a technique where criminals trick a mobile carrier into transferring a victim's phone number to a device they control. Intercepting SMS messages and calls allows attackers to bypass two-factor authentication and password reset links sent via text. In Buchanan's case, the group used data from the phishing breaches—such as personal information and account credentials—to execute SIM swaps. This enabled them to drain cryptocurrency wallets and steal funds. The danger lies in the irreversibility of many crypto transactions and the difficulty for victims to regain access to their accounts. Once a SIM swap occurs, the attacker controls all SMS-based verification, making it a potent tool for financial theft.
How did law enforcement catch Buchanan?
FBI investigators linked Buchanan to the 2022 phishing attacks by identifying a consistent username and email address used to register numerous phishing domains. The domain registrar NameCheap revealed that just one month before the attack spree, the account logged in from a U.K. internet address. Scottish police confirmed that the address was leased to Buchanan throughout 2022. Further evidence came from a device found at his residence in Scotland. After fleeing the U.K. in February 2023—following a violent home invasion by a rival gang—Buchanan was eventually apprehended in Spain by airport authorities. A photo from a Daily Mail article shows him being detained, marking a key breakthrough in the case.
What penalties does Buchanan face, and what is the status of his case?
Buchanan pleaded guilty to one count of wire fraud conspiracy and one count of aggravated identity theft. Each charge carries severe penalties: wire fraud conspiracy can result in up to 20 years in prison, while aggravated identity theft mandates a minimum consecutive sentence of two years. The court may also impose fines and restitution. He is currently in U.S. custody awaiting sentencing. Given the scale of the crimes—involving dozens of companies and millions in stolen cryptocurrency—prosecutors are likely to seek a lengthy prison term. The case underscores the Justice Department's commitment to prosecuting cybercriminals even when they operate from abroad.
What does this guilty plea mean for cybersecurity and corporate awareness?
This conviction serves as a warning to cybercriminals that international cooperation can lead to justice. For businesses, it highlights the need for robust security training and multi-factor authentication methods that are resistant to social engineering. Phishing remains a top threat vector, and companies must educate employees to verify requests through independent channels. Additionally, the case demonstrates the danger of relying solely on SMS-based two-factor authentication, which can be compromised via SIM-swapping. Organizations should consider using authentication apps or hardware tokens instead. The takedown of a senior member like Buchanan may disrupt Scattered Spider but also signals that similar groups will evolve, making continuous vigilance essential.