Fake tech support mails used to phish for photo album logins
George Garofano, 26, of Northford, Connecticut, USA, pleaded guilty this week to one count of unauthorized access to a protected computer to obtain information. The FBI reckons Garofano actually ransacked more than 250 cloud accounts, however, in a plea deal he ‘fessed up to just one charge.
According to the Feds, between April 2013 and October 2014, Garofano was part of a creepy crew who sent fake Apple technical support emails to celebs and those who worked for them, tricking many of their marks into handing over their iCloud passwords, either by social engineering or by directing them to a phishing website. This allowed the cyber-villains to harvest the Apple-hosted accounts for naked selfies, sex tapes, personal information, and other compromising material, which eventually made their way online.
“Garofano used the usernames and passwords to illegally access his victims’ iCloud accounts, which allowed him to steal personal information, including sensitive and private photographs and videos, according to his plea agreement,” prosecutors in California said on Thursday.
“In some instances, Garofano traded the usernames and passwords, as well as the materials he stole from the victims, with other individuals.”
As well as Garofano, three other people have since been cuffed by the Feds for their part in the hustle.
Emilio Herrera pled guilty in October to Celebgate hacking, and last January Illinois man Edward Majerczyk was jailed for nine months for his role in the affair. In October 2016, Ryan Collins got 18 months in the cooler for similar, albeit more widespread, hacking of accounts.
Garofano was charged in California, and his trial was moved to his home state as part of the plea deal. He faces a maximum of five years behind bars and a supervised release. ®