Kwamaine Jerell Ford has pleaded guilty to logging into Apple accounts belonging to high-profile professional athletes and musicians without authorization and stealing credit card information from several of those victims.
“Ford tricked his victims into providing their Apple account passwords and stole sensitive, personal information from the accounts,” said U.S. Attorney Byung J. ‘BJay’ Pak in a statement. “After stealing credit card numbers belonging to several professional athletes, he brazenly spent thousands of dollars on personal expenses charged to the athletes’ accounts.”
“The high profile victims in this case are an example that no matter who you are, hackers like Ford are trying to get your personal information,” said Chris Hacker, Special Agent in Charge of FBI Atlanta, in a statement. “This case demonstrates the need to be careful in protecting personal information and passwords, especially in response to suspicious e-mails. Hopefully this is a lesson for everyone, not just the victims in this case.”
According to U.S. Attorney Pak, the charges and other information presented in court: Beginning in at least March 2015, Ford obtained login credentials for Apple accounts belonging to victims primarily through a phishing scheme, which is a scheme in which the perpetrator sends a message that purports to be from a legitimate source. Ford primarily targeted college and professional athletes, including NBA and NFL players, and rappers in his scheme. Ford sent thousands of phishing emails to his intended victims from email accounts he set up to spoof legitimate Apple customer service accounts. Ford, posing as an Apple customer support representative, requested that the victims send him their username and password or answers to security challenge questions, which Ford claimed was needed either to reset their Apple accounts or to access videos that individuals were purportedly trying to send the victims. Dozens of victims provided their login credentials based on the phishing scheme.
After obtaining the victims’ login credentials, Ford logged into their Apple accounts and attempted to take over the accounts. Specifically, he attempted to reset the account password, change the contact email account to an email address he controlled, and alter the security challenge questions. As a result, the victims could not log into their own accounts unless they contacted Apple by phone and proved their identity. Apple records showed hundreds of unauthorized logins to victim Apple accounts.
After gaining control of the victims’ accounts, Ford found credit card information belonging to several of the victims. Ford then used the stolen credit card numbers to pay for thousands of dollars in air travel, hotel stays, other travel expenses, furniture, and money transfers to online payment accounts under his control.
On April 17, 2018, Kwamaine Jerell Ford, 27, of Dacula, Georgia, was indicted on six counts each of wire fraud, computer fraud, access device fraud, and aggravated identity theft. He pleaded guilty to one count of computer fraud and one count of aggravated identity theft. Sentencing is scheduled for June 24, 2019, at 10:30 before U.S. District Judge Timothy C. Batten Sr.
This case is being investigated by the Federal Bureau of Investigation.
Assistant U.S. Attorney Nathan P. Kitchens, Deputy Chief of the Cyber and Intellectual Property Crimes Section, is prosecuting the case. Former Assistant U.S. Attorney Vivek Kothari investigated the case prior to the indictment.
Source: U.S. Department of Justice
MacDailyNews Take: It’s amazing that phishing still works and to such extent!
Appel Support explains how to avoid phishing emails, fake ‘virus’ alerts, phony support calls, and other scams here.
More form Apple about phishing and other suspicious emails here.