In this real-life story, it is 2018 and Kwamaine Ford, an employee of a celebrity at the time, seemed to have the world by the tail. He traveled in famous circles and lived a glamorous lifestyle. However, Ford had a dirty secret – he was funding his lifestyle with an illegal hobby. He used his social networks to phish celebrities’ accounts, taking advantage of their credit cards and other assets.
How did Ford accomplish this? He used celebrities’ contact information to call them, posing as an Apple customer service associate, and ask them to change or share their passwords. He convinced more than 100 victims to give him their iCloud passwords, thereby gaining access to a plethora of personal information including photos, emails and sensitive documents.
As Apple began to receive phishing complaints from these celebrities, the company involved the FBI to investigate. They learned that Ford stole an estimated $325,000 by fraudulently using victims’ credit card numbers he obtained through phishing. Special Agent Joseph Zadik, who investigated the case out of the FBI’s Atlanta field office, said, “A lot of people are using cloud-based services to back up data from their devices. This important information is stored remotely and accessed through login credentials.”
What Can Credit Unions and Members Learn from This Story?
While credit unions take great care to protect their members’ credit card and financial information, it is easy to overlook what is stored in the cloud. By default, many email systems and productivity tools store files on the web. Imagine the wealth of information held in the countless emails and documents you save. How many times have you been told to file electronic copies of important documents in the cloud to act as back-ups? While it is a great best practice from an accessibility standpoint, it gives cybercriminals an opportunity for data theft depending on how secure the controls are.
continue reading »