NBA and NFL players allegedly targeted in social media phishing scam

Two men were charged by the U.S. Department of Justice for allegedly hacking the social media accounts of NBA and NFL players.

Both men, Ronnie Magrehbi, 20, of Florida, and Trevontae Washington, 21, of Louisiana, face a hefty fine along with time in prison.

According to a statement by the DOJ, between December 2017 and April 2019, they targeted the social media accounts of professional athletes in the NFL and NBA via phishing campaigns.

Washington would create fake login pages for social networking sites and then message the athletes on those platforms. When a player clicked the link, they were greeted with what looked like a login page for a social network. When an athlete entered their information, that sensitive information was sent to Washington.

Once the accounts were compromised, he would sell access to them for between $500 and $1,000.

Magrehbi appeared to take the scheme even further. After gaining access to both the Instagram and personal email accounts of one NFL player, Magrehbi held the accounts for ransom. The NFL player sent the extortion payment to Magrehbi on at least one occasion in order to regain access to his accounts, according to the DOJ. However, Magrehbi never provided the player with access.

The DOJ said that Magrehbi transferred part of the extortion payment to his own personal bank account.

Each man was charged with conspiracy to commit wire fraud and conspiracy to commit computer fraud and abuse.

The wire fraud charge could land the two a maximum of 20 years in prison, while the computer fraud conspiracy charge could result in a maximum of five years in jail. Both could result in a fine of up to $250,000.

Phishing campaigns are the most common type of computer hack. The attacker just needs to create a carbon copy of a website’s login page and convince their target to input their credentials. Basically, phishing turns anyone with a little computer know-how into a "hacker."

Part of the money-making scheme targeting pro athletes is very reminiscent of the big Twitter hack that occurred earlier this year. Multiple verified accounts belonging to users including Barack Obama and Elon Musk were hacked in an attempt to perpetuate a Bitcoin scam. A 22-year-old and two teenagers were later charged for the Twitter hack.