Published: February 9, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
It’s rare that we hear of hackers being brought to justice. But finally, a hacker targeting large companies since 2015 was finally caught. British resident Grant West, 27, was apprehended by the Metropolitan Police Cyber Crime Unit (MPCCU) and a treasure trove of stolen data was found in his home. Among the discoveries was an SD memory card with 78 million usernames and passwords as well as 63,000 credit and debit card details. West sold the data underground for Bitcoin and other e-currencies that are untraceable. The MPCCU arrested West in 2017 after its two-year investigation into the hacker dubbed “Operation Draba.” He was recently ordered to pay back over $1.1 million in Bitcoin to the victims of his crimes.
This cybercriminal was prolific in his hacking efforts and is believed to be behind massive data theft operations. Authorities found evidence West was a culprit who used email phishing scams on the websites of companies including Uber, T-Mobile, Groupon, and Just Eat. Although the Just Eat online food service hack failed to steal customer data, it alone cost the company over $200,000 in damages. A laptop belonging to West’s girlfriend was also discovered with the financial information of over 100,000 individuals. Perhaps not exactly an upstanding citizen, West was also found selling marijuana to online customers as well as selling “how to” kits to aspiring hackers.
When the gavel finally came down on West, he was ordered to spend 10 years and eight months in jail. The charges covered 10 counts of criminal acts including conspiracy and possession of criminal property. The judge ordered his e-currency accounts to be confiscated, totaling almost $1 million to be distributed to his victims. Should West refuse the confiscation, it would add an additional four years to his sentence.
Always have your guard up when reading email messages. Suspect phishing if anything in a message seems strange. Don’t open email attachments or click links from unknown senders or if you are not expecting to receive them, regardless of who the sender may be. Typos and improper grammar use are also tell-tell signs the email may be phishing. And if you do need to click a URL, be 100% certain it’s the correct spelling of it. In other words, watch out for typosquatting. If you are ever not sure, don’t click it and ask for assistance.
The fact that email phishing was the tool of choice for West to steal epic amounts of data should be a wake-up call to us all. It’s yet further proof of how important practicing anti-phishing tactics can be. Doing so can save countless unsuspecting individuals from becoming victims to criminals like West and the many others like him.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org