A Georgia man pleaded guilty last week to using phishing tactics to hack the Apple accounts and credit card details of a number of “high-profile” celebrities and athletes, scamming victims out of hundreds or thousands of dollars, according to the Justice Department.
For roughly three years beginning in at least March 2015, Kwamaine Jerell Ford was able to convince dozens of individuals—including professional and college athletes as well as rappers, who were not identified—to share their iCloud login credentials by sending emails intended to look like they were coming from an Apple customer service account, the Justice Department said.
According to a court filing, Ford sent phishing emails using the intentionally misleading email addresses “firstname.lastname@example.org” and “email@example.com.” He would sometimes pose as an Apple representative while speaking with the victims by phone, the filing claims.
Ford attempted to use the victims’ login credentials to take over their iCloud accounts by changing their passwords, email addresses, and security questions, essentially locking them out completely unless they contacted Apple directly by phone, according to the Justice Department. After gaining access to their accounts, the court filing said, Ford would use their credit card information to wire money to himself or charge purchases, which included everything from travel expenses and airfare to furniture.
Ford was indicted on six counts in April of last year but pleaded guilty on Thursday to one count of aggravated identity theft and one count of computer fraud, according to the U.S. Attorney’s Public Affairs Office. His sentencing is scheduled to take place in June.
“The high profile victims in this case are an example that no matter who you are, hackers like Ford are trying to get your personal information,” Special Agent Chris Hacker of FBI Atlanta said in a statement. “This case demonstrates the need to be careful in protecting personal information and passwords, especially in response to suspicious e-mails.”
Phishing scams can be incredibly crafty and often use brand impersonation to target large numbers of victims at once, basically banking on eventually being able to hook an unsuspecting victim. Ford himself reportedly sent “thousands” of phishing emails as part of his scheme, the Justice Department said.
Google recently put together a phishing quiz to help users better identify some of the telltale signs of a scam, including ever-so-slightly tweaked email addresses and URLs. As a general rule, Apple—and most other companies—specifies that it will never ask you to share your Apple ID password or 2FA codes, so any email or other communication asking you to hand over this information is likely a scam.