In a case that made headlines in August of 2014, troves of nude photos and videos surfaced online after an unauthorized third party gained access to email accounts of more than 100 people, including Hollywood celebrities. On May 24th, the culprit, a Lancaster, Pennsylvania-based hacker named Ryan Collins, pleaded guilty before a Senior U.S. District Court Judge in Harrisburg.
In a press release dated May 24, the U.S. Attorney’s Office in the Middle District of Pennsylvania noted, “Collins admitted that from November 2012 until the beginning of September 2014, he engaged in a phishing scheme to obtain usernames and passwords for his victims. He sent e-mails to victims that appeared to be from Apple or Google and asked victims to provide their usernames and passwords.”
The successful phishing scheme gave Collins illegal access to personal data, including sensitive photographs and videos, from 50 iCloud accounts and 72 Gmail accounts. It was also noted that the 36-year-old hacker used a software program that enabled the download of the entire content of a target’s Apple iCloud backups.
Authorities mentioned that while the investigations were propelled by what is now infamously known as the “Celebgate” scandal, investigators have not established a link between Collins and the slew of celebrity leaks, let alone whether Collins shared the information he collected.
Prior to his guilty plea, Collins was charged in Los Angeles before the case was transferred to Pennsylvania, where he was residing. Currently, Collins is facing a sentence of five years' imprisonment and a fine amounting to $250,000.
Old trick, bigger scope
Phishing is an age-old technique that has successfully tricked users into becoming victims. This is a tactic popularly known for being a simple, yet elaborate way to dupe unknowing users into giving out personal information such as log-in credentials, credit card and bank account details, down to Social Security numbers, much like how Collins mobilized his hacking operation.
It is a method used by a cybercriminal to gather information, and often involves spoofed or bogus webpages, legitimate-looking email messages, and links feigning legitimacy that open the way to information theft. Once the bait is taken, a careless user could easily be handing his or her personal information to a fraudulent party.
In a published report by the anti-cybercrime coalition Anti-Phishing Working Group (APWG), phishing attacks seen in the first quarter of 2016 were said to have significantly risen, the highest, in fact, of any quarter the group has observed since 2004. According to the report, almost 300,000 unique phishing sites were sighted in Q1, 124,000 of which were seen in March alone, up sharply from the almost 45,000 sites observed in November of 2015.
The group noted a 250% growth in the number of identified phishing websites in the first quarter of 2016 compared to the last quarter of 2015. Further exploration of the data showed that the retail industry remains the most targeted sector, accounting for 43% of the reported attacks, while the United States continues to play host to the most phishing websites seen.
Just recently, WhatsApp users were plagued with messages that invited them to download what was touted as an “exclusive” version of the app called WhatsApp Gold. The lure was plain and simple: an invitation to use an upgraded version of the app accessible only to the biggest of celebrities, with features that are exclusive to the select few. However, this led the app's users to a poisoned link that is capable of stealing information and tracking victims’ every movement.
In the same month, baby retailer Kiddicare was reported to have suffered a data breach that exposed almost 800,000 customer details to data thieves. This started from what authorities call “phishing communication” from a bogus website that claimed to be affiliated with the company. This led to stolen data that included names, email addresses, phone numbers, and shipping addresses.
Consumers were not the only ones targeted by phishing attacks. This technique has also fueled Business Email Compromise schemes that victimized companies, especially during the tail end of the tax season. Popular photo- and video-sharing application Snapchat disclosed a phishing scam that tricked an employee into inadvertently sending sensitive information requested by an email masquerading as an official inquiry from the company’s Chief Executive Officer. This lapse in judgment then exposed payroll information of an undisclosed number of employees.
Phishing may not be an advanced cybercriminal tactic, but it has remained an effective technique that works for data thieves. This is a technique that has evolved through the years, banking on hooks that turn any unknowing user or target into a victim. “Globally, attackers using phishing techniques have become more aggressive in 2016, with keyloggers that have sophisticated tracking components to target specific information, and organizations such as retailers and financial institutions that top the list,” APWG’s Dave Jevans concludes.