Karim Baratov has pleaded guilty to the massive Yahoo hack that compromised billions of Yahoo accounts in 2014. Baratov, a Canadian citizen born in Kazakhstan, was arrested at his home in Toronto.
Baratov has revealed details of his operation. He generally gained access to accounts by spearphishing. Specifically, he would send emails that appeared to come from the email provider used by a victim. The emails would contain links to fake webpages he set up that had login forms on them. People would log into them, thinking they were logging into a legit website, giving Baratov their login credentials.
From there, he would send screenshots from inside a victim’s account to the FSB (Russia’s Federal Security Service, previously known as the KGB). Once the FSB sent him money, Baratov would send the stolen login information.
Baratov is facing twenty years in prison on various charges.
Spearphishing is a popular way to steal information, but it’s actually pretty easy to avoid if you know what to look for. To make sure you or your employees don’t fall victim to spearphishing attacks, sign up for Security Awareness Training before it’s too late.