The US Department of Justice has charged two men for allegedly hacking social media and other accounts belonging to NFL and NBA players, Mashable reports. Trevontae Washington, 21, of Thibodaux, Louisiana, and Ronnie Magrehbi, 20, of Orlando, Florida, are each charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer fraud and abuse.
The indictment alleges that Washington set up phishing sites that spoofed the login portals of social media sites, then messaged athletes on those platforms with a link to the phishing sites.
“Washington is alleged to have compromised accounts belonging to multiple NFL and NBA athletes,” the indictment states. “Washington phished for the athletes’ credentials, messaging them on platforms like Instagram with embedded links to what appeared to be legitimate social media log-in sites, but which, in fact, were used to steal the athletes’ user names and passwords. Once the athletes entered their credentials, Washington and others locked the athletes out of their accounts and used them to gain access to other accounts. Washington then sold access to the compromised accounts to others for amounts ranging from $500 to $1,000.”
Magrehbi, on the other hand, is accused of hacking a football player’s online accounts and then extorting the victim.
“Magrehbi is alleged to have obtained access to accounts belonging to a professional football player, including an Instagram account and personal email account,” the DOJ says. “Magrehbi extorted the player, demanding payment in return for restoring access to the accounts. The player sent funds on at least one occasion, portions of which were transferred to a personal bank account controlled by Magrehbi, but never regained access to his online accounts.”
The men could face up to twenty years in prison and a fine of up to $250,000 for wire fraud, and up to five years in prison and another fine of up to $250,000 for computer fraud conspiracy.
Unfortunately, most cybercriminals won’t be deterred by such news, especially those living abroad. New-school security awareness training can help your employees defend themselves against phishing and other social engineering attacks.
Mashable has the story.