We don’t often hear enough stories of cybercriminals being caught and paying back what they’ve stolen, but in the case of scammer Grant West, that’s exactly what has happened. Back in 2015, West was the author of a simple and yet sophisticated phishing scam purporting to be the food delivery service Just Eat asking U.K. customers to complete a survey in exchange for £10. Using a Just Eat spoofed logon page, West was able to collect usernames and passwords. Victims took the “survey” and were asked to provide banking details to receive their compensation.
According to recent details, the police found plenty of proof that West had been either collecting or leveraging victim’s personal or financial details – when arrested, West had financial data on 100,000 individuals, 78M sets of usernames and passwords, and 63,000 credit or debit card details.
Arrested in 2017 and convicted this year, West was compelled by the British court to give back over $1M, securely stored as cryptocurrency, in exchange for a reduction in his overall sentence.
It obviously feels good to hear about a scammer getting their just reward, but it should serve as a warning to organizations of just how easy it is to get into the phishing scam business, obtain and sell personal details on the dark web, and to actually fool individuals into falling for well-designed scams.
It’s no longer sufficient for organizations to merely warn users of specific scam or attack tactics; organizations must create a security culture using Security Awareness Training to ensure everyday non-IT users remain vigilant against attacks such as West’s survey scam.
