Social engineering continues to be a popular method for attackers to gain access to accounts so they can steal vital information from victims.
Along those lines a Georgia man just pleaded guilty to tricking musicians and athletes into revealing their account passwords so he could steal important information like credit card numbers, officials said.
Kwamaine Jerell Ford, 27, of Dacula, GA, tricked victims into revealing their Apple account passwords so he could gain entry into their accounts and steal sensitive data.
“Ford tricked his victims into providing their Apple account passwords and stole sensitive, personal information from the accounts,” said U.S. Attorney Byung J. “BJay” Pak. “After stealing credit card numbers belonging to several professional athletes, he brazenly spent thousands of dollars on personal expenses charged to the athletes’ accounts.”
“The high profile victims in this case are an example that no matter who you are, hackers like Ford are trying to get your personal information,” said Chris Hacker, special agent in charge of FBI Atlanta. “This case demonstrates the need to be careful in protecting personal information and passwords, especially in response to suspicious e-mails. Hopefully this is a lesson for everyone, not just the victims in this case.”
Ford leveraged a phishing scheme to obtain Apple account credentials, according to court documents. He primarily targeted college and professional athletes, including NBA and NFL players, and rappers.
Ford, posing as an Apple customer support representative, requested the victims send him their username and password or answers to security challenge questions, which Ford claimed was needed either to reset their Apple accounts or to access videos that individuals were purportedly trying to send the victims. Dozens of victims provided their login credentials based on the phishing scheme.
Ford then logged into the victims’ Apple accounts and attempted to take over them by resetting the passwords, changing contact email address, and modifying the security challenge questions. Victims were forced to contact Apple by phone to prove their identity.
After gaining control of the victims’ accounts, Ford found credit card information belonging to several of the victims, said officials at the Department of Justice (DoJ). Ford then used the stolen credit card numbers to pay for thousands of dollars in air travel, hotel stays, other travel expenses, furniture, and money transfers to online payment accounts under his control.
Ford pleaded guilty to one count of computer fraud and one count of aggravated identity theft. He will face sentencing June 24.