Phishing Scheme Perpetrator Sentenced

Andrew Helton, a 29-year-old man from Oregon, has pleaded guilty to heading up a phishing scheme that tricked users into giving up their Gmail and Apple account usernames and passwords.  With this data he was able to obtain access to photos and other personal data, including at least 161 explicit or nude photos.  Some of the accounts he hacked belonged to unnamed celebrities.

According to Ars Technica, Helton sent out phishing emails in which he impersonated Gmail or Apple.  The emails asked users to verify their account information by re-entering their usernames and passwords.  The emails were sent out

Obviously many people are aware of schemes like this.  However, it’s very easy to fall for official-looking emails if their author is good at making them look “authentic” enough.  A person who is distracted or going through a hard time in their life may also be more likely to fall for such schemes.

This is a great time to remind all computer users everywhere to be very skeptical of “official” emails from companies.  Companies such as Apple or Google will almost NEVER ask you to verify your account information.  Unsolicited emails of that kind should be looked at very suspiciously.  If you do get such an email, follow these steps:

  1. Look at the sender.   Check for suspicious names, and check whether the sender’s address comes from a domain entirely different from google.com or apple.com.  Often phishing emails will be sent from gobbledygook addresses.
  2. Examine where the link leads to.  Sometimes phishers will attempt to make a link “look” official by adding Apple or Gmail somewhere in the link.  However, there will usually be some other nonsense in the link that gives it away.
  3. Do a quick Google search for the subject of the email or some content from the email itself.  Often someone will have posted about the scheme somewhere on the internet warning others not to fall for it.  Many watchdog sites will reprint the emails so you can easily search for them.  Try enclosing snippets of text in quotation marks in order to search for that specific text (for example, put into Google “Google kindly requests that you verify your user information”).
  4. Just ignore it.  If it’s really that important, you will hear from the company again.
  5. If an email sounds threatening, or urges you to act quickly or suffer consequences, then it’s likely a phishing scheme.  Companies will not send such emails.
  6. If the email is not personalized then it should be a red flag.
  7. Ensure that you are running good antivirus software with active protection measures, such as Norton 360.
  8. Follow security and tech blogs so you can stay on top of the latest threats.
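
Steps 1, 2, 5 and 6 can also be checked mechanically. The Python sketch below is an added example, not part of the original article; the brand-to-domain table, the keyword patterns and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains each brand legitimately sends from and links to.
BRANDS = {"apple": ("apple.com",), "google": ("google.com",),
          "gmail": ("google.com", "gmail.com")}
URGENT = re.compile(r"suspended|immediately|within \d+ hours|final notice", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|member|client)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def under(host, domains):  # host equals a domain or is a subdomain of one
    return any(host == d or host.endswith("." + d) for d in domains)

def impersonated(text, host):
    """Brands named in text whose real domains do not cover host."""
    text = text.lower()
    return [b for b, doms in BRANDS.items() if b in text and not under(host, doms)]

def check_email(raw):
    """Return (step, detail) warnings for a raw single-part plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    for brand in impersonated(name + " " + addr, sender_host):  # step 1
        findings.append(("sender", f"claims {brand} but sent from {sender_host}"))
    for url in URL.findall(body):  # step 2: use the parsed host, not the raw text
        host = (urlsplit(url).hostname or "").lower()
        for brand in impersonated(url, host):
            findings.append(("link", f"mentions {brand} but leads to {host}"))
    if URGENT.search(body):  # step 5
        findings.append(("urgency", "pressures the reader to act quickly"))
    if GENERIC.search(body):  # step 6
        findings.append(("greeting", "not personalized"))
    return findings

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: "Apple Support" <noreply@apple-id-verify.example>
Subject: Verify your account

Dear customer,
Your account will be suspended within 24 hours unless you verify it at
http://apple.com.login.secure-check.example/verify
"""

if __name__ == "__main__": print(*check_email(SAMPLE), sep="\n")
```

The link check compares the parsed hostname against the brand’s domain, so a link that merely contains “apple.com” somewhere in its text is still flagged when its host is not actually under apple.com.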

If you do at least a few of the above then you’ll definitely be ahead of the game.  Knowledge is power, and the more you know about the patterns of phishing schemes the better you’ll be at identifying them.  However, even the best of us tend to get fooled sometimes.  Even I almost got tricked by the IRS phone phishing scheme; however, a quick Google search eased my fears that it was all a scam and the IRS was definitely not trying to file a lawsuit against me.

 

About the Author

Roger Feinstein has grown up with computers his entire life and strives to help others understand what goes on behind the scenes in their PCs. He's been writing tech articles for websites for over 5 years.
