Even celebrities fall victim to phishing attacks. A complaint filed in New York earlier this week claims that a man from the Bahamas allegedly tricked hundreds of stars into telling him their email account passwords. With that information, he reportedly stole their personal data, including at least one victim's sexually explicit material, as well as their professional work, like unreleased movie scripts and music.
According to the complaint, 23-year-old Alonzo Knowles reached out to a popular radio show host earlier this month with screenshots of upcoming TV episode scripts and an offer to sell them (the host and TV shows in question are not identified in the complaint). He claimed to already possess the first six episodes of an upcoming season and promised to get the rest once filming wrapped. The radio host immediately went to law enforcement, and a day later, Knowles messaged the host’s phone number, which he allegedly obtained through his hacking endeavors. The radio host then replied, with law enforcement's nod of approval, and connected Knowles with an undercover agent. Ultimately, the agent flew Knowles to the US around two weeks later under the false pretense of wanting to purchase movie scripts and celebrity information. Knowles was arrested upon his arrival, after accepting the agent’s $80,000 during the devised transaction.
Throughout their discussions, Knowles claimed to have access to sex tapes, scripts, and the personal information of at least 130 celebrities. For stars who kept their social security numbers in their emails, he could obtain those, too, along with driver’s license and passport details. His sex tape claim wasn't verified in the complaint beyond one victim. However, he said he could find tapes in compromised accounts.
Knowles researched celebrities before going after them, likely to figure out how to answer the security questions on their accounts. Higher-profile celebrities were apparently more difficult to trick, however, so he often compromised their friends’ accounts first, finding those friends through pictures of the stars. Once inside their friends' accounts, Knowles could search for victims' phone numbers and "hack" them, the complaint states.
Armed with their phone number and email, Knowles sent the targets a phony text message saying their account was compromised and they should text back their password to fix it. Apparently people fell for it. Once in the account, he allegedly changed the answers to their security questions and turned off notifications about those changes, so no one would know anything was amiss. If all that failed, however, Knowles turned to malware designed for Windows devices to gain computer access. Many of the victims had no idea their accounts had been compromised and were only identified because their names were watermarked on their scripts.
Knowles appeared in court on Tuesday and was ordered to be detained. He faces charges of criminal copyright infringement and identity theft.