A Cameroon national has been extradited from France to the US after stealing airline tickets worth a phenomenal $2 million.
32-year old Eric Donys Simeu targeted travel agencies and travel-related websites in an international phishing campaign that lasted for more than three years.
So how did he do it?
Simeu specifically targeted US companies that issue airline tickets through GDS (Global Distribution System). Digital Trends reports:
He perpetrated his phishing campaign on two particular companies in Texas and Georgia that utilize GDS, which is how he got on the radar of US authorities.
Using fake phishing emails, Simeu persuaded company employees to hand over their login credentials. With the doors wide open, he was able to issue fraudulent airline tickets at will.
All he needed to do then was turn those tickets into hard cash. According to the Department of Justice:
Simeu and others then allegedly sold these airline tickets to customers, mostly in West Africa, for fractions of the actual cost, or used them for personal travel.
Arrested in France
Simeu was using one of his fake tickets when he was arrested on a trip from Morocco to Paris in September 2014. French law enforcement collared the fraudster – who was travelling under the name of Martell Collins and using a UK passport – and kept him locked tightly behind bars until his extradition last week.
Special Agent J. Britt Johnson from FBI’s field office in Atlanta commented:
The arrest and extradition of Eric Simeu is the result of a multi-national effort led by the FBI, which demonstrates the benefits of global cooperation among international law enforcement and the private sector.
US authorities have now charged 32-year old Simeu with conspiracy, wire fraud, computer fraud and access device fraud.
International fraudsters take note!
While the case against Simeu is ongoing, Special Agent Johnson is obviously delighted with the outcome. He hopes it sends a clear message to would-be international fraudsters:
Those who target US companies and citizens through cyber attacks and spear phishing emails can no longer be confident they will remain anonymous and be protected by geographic boundaries.
Global cooperation to combat phishing and other cybercrimes is to be warmly welcomed but obviously prevention is better than cure.
Spotting and stopping phishing attacks can be difficult – for a good place to start learning how, take a look at our lessons from recent phishing attacks.Follow @NakedSecurity