Many of you will remember the massive 2014 leak that saw private photos of various celebrities plastered all over the internet. Through a huge phishing scam, a group of people were able to gain access to the iCloud accounts of a bunch of celebrities and steal their private information. Most of those involved in that mess have since been caught and arrested. However, the situation could have easily arose again, as someone else has been arrested for conducting a similar phishing scam.
This week, a US citizen by the name of Kwamaine Ford pleaded guilty to one count of computer fraud and one count of aggravated identity theft. Ford posed as an Apple customer support representative and sent out thousands of emails to famous athletes and artists. In these emails, he would request usernames, passwords and answers to various security questions. In some cases, the account holders would pass this information over. Ford would then change the email address, passwords and security question details to completely take over the account.
The US Department of Justice says that there was evidence for hundreds of unauthorised account logins. Using these accounts, Ford was able to obtain credit card information, which he then used to buy furniture, plane tickets, hotels and even transfer money into his own bank accounts.
Chris Hacker, the Special Agent in charge of the investigation rightfully noted that “this case demonstrates the need to be careful in protecting personal information”, adding that this should be “a lesson for everyone, not just the victims in this case”.
KitGuru Says: Phishing scams have gotten more convincing over the years thanks to email spoofing and some email clients don't always make it easy to see the true address a message came from. If you are ever randomly contacted by someone claiming to be a customer service rep, or an official entity like PayPal, a utility provider or even the government, then be sure to double check everything. If you are ever asked to reveal account-specific information, then it is a scam and should be avoided.