Phishing scheme impersonated Apple to trick celebrities
- Updated at
- By Gatefy
- Blog, Security News
An American man pleaded guilty to applying phishing scams on celebrities using Apple’s name to steal credit card data. According to the Department of Justice, the hacker’s targets were rappers and athletes, including NBA and NFL players. The attacks began in 2015.
The damage is estimated at thousands of dollars, which were used to pay for furniture and travel expenses, such as transportation, food and hotel stays. In addition, the cybercriminal made money transfers to his own accounts. The charges include aggravated identity theft, wire fraud, computer fraud, and device fraud.
“This case demonstrates the need to be careful in protecting personal information and passwords, especially in response to suspicious emails. Hopefully this is a lesson for everyone, not just the victims in this case”, pointed out Chris Hacker, special agent of FBI Atlanta.
How the phishing scheme worked
Using a spoofed email that imitated an Apple domain, the hacker sent thousands of phishing messages.
The celebrities then received emails that appeared to be from Apple and claimed that their accounts had problems. So, with the promise to solve the issue, the hacker impersonated the technical support and asked the victims for their usernames and passwords or the answers to security questions.
After receiving the information, the cybercriminal had access to the victim’s full Apple profile, including credit card details. His next step was an attempt to take over the accounts. To do so, he changed passwords, contact emails and security questions. After that, the victims tried to access their accounts without success, having to contact Apple to regain access.
