A reminder: phishing and brand-spoofing work best against the unsecured and unaware.


A phishing scam perpetrated by a man stealing sensitive personal information from high-profile individuals should provide a warning sign to organizations of all sizes: this could happen to you without the right safeguards in place. 

According to a report in Dark Reading, a Dacula, Ga. resident named Kwamaine Jerell Ford has pled guilty to one count of computer fraud and one count of aggravated identity theft in a scheme where he stole credit card information from the Apple accounts of celebrity rappers, NBA and NFL players.

Dark Reading reported that the number of targets who fell for the phishing scam totaled in the dozens.

According to the US Department of Justice, the 27-year-old cybercriminal posed as an Apple customer support representative in thousands of phishing emails asking targets to reset their accounts, through which he gained access to their accounts and then stole credit card numbers. He then used these stolen cards to make a series of high-cost purchases, including air travel, hotels, and furniture, and to initiate money transfers to online accounts.

“The high-profile victims in this case are an example that no matter who you are, hackers like Ford are trying to get your personal information,” said Chris Hacker, Special Agent in Charge of the Federal Bureau of Investigation (FBI) in Atlanta.

Phishing attacks big and small

Phishing is the go-to attack technique for both high- and low-profile attacks, and has been for years. While in this case the attacker focused on high-profile celebrities, this same level of targeting and brand-spoofing is used to victimize regular companies, their executives and staff every day.

The reason we keep seeing these types of phishing attacks over and over again, no matter the size of the target or whether they’re going directly after money, corporate IP or personally identifiable information (PII), is a simple one: they consistently work. They work in part because of human nature: people can sometimes be overly trusting and very busy.

The FBI offered sound advice in this instance, asking people to “be careful in protecting personal information and passwords, especially in response to suspicious emails.” For organizations, this advice is a good start as well, but it takes more to achieve cyber resilience against sophisticated attackers.

The best defense is to use email and web security systems that are built to defend against targeted phishing attacks such as these, to provide continuous security awareness training for the entire organization, and to implement business processes and data handling that aren’t vulnerable to a single point of failure.

And it is key to remember that you or your organization does not need to be high-profile to be targeted by these types of phishing attacks.
