Two men have been arrested in the UK, accusing them of running a scheme to sell thousands of Apple user profiles and credit card data from customers to services such as Netflix and Spotify. They launched a phishing campaign against customers of these platforms, resulting in the database selling for over US$189,800 (approximately R$975,000 at current prices).
According to officials, millions of emails were sent by the two men between 2017 and 2019, always posing as aid companies to prompt victims to enter their data on fake pages. The information was then resold to be used in the new fraud, while the amounts were paid in cryptocurrency. According to police information, 64,000 credit cards and 24,000 Apple ID-linked credentials were spoofed under the scheme.
The operation was derailed between July and December 2019, when UK Police launched a search and seizure operation on the addresses of those responsible. Gary Kelly, 32, and Craig Gorton, 30, were eventually arrested and, along with them, were found to have devices containing details of the phishing campaign as well as databases containing stolen user information.
Want to be on top of the day’s best tech news? Access and subscribe to our new YouTube channel, Canaltech News. A summary of the headlines from the tech world for you every day!
According to the defendants’ defenses, Kelly found a way to support his family in phishing operations, coming back to a life of crime after serving a 10-year prison sentence for fraud. Gorton, on the other hand, claimed to have a minor role in the plan, having only been recruited by his colleague and acting in a minor way.
This week, the two pleaded guilty to the crimes before a court in Liverpool, England. Kelly was sentenced to three years and four months in prison, while Gorton received a two-year sentence, which was suspended because of the time he had already spent in captivity; In addition, he will also have to do 100 hours of community work and undergo 20 days of rehabilitation.
The recommendation of the authorities in connection with the case was for victims of phishing and data theft operations to register incidents with the police, so that action could be taken to arrest the suspects. In addition, simple measures such as the use of complex passwords and care when registering or filling out incoming registrations by email or instant messaging also help keep information secure.