Phishing for Photos & How to Protect Your Computer (Learn More, Video)

By the FBI

Many hackers use the Internet to swindle money or to get revenge on their adversaries. But an Alabama man’s online crime was stealing women’s personal photos simply for the thrill of invading their privacy.

In e-mails to prospective victims, Kevin Maldonado, 35, purported to be an administrator for their e-mail provider and requested that they change their passwords.

He then captured those passwords and accessed their private information—a computer intrusion technique known as phishing.

More than 50 women fell for the scheme. And once Maldonado had their passwords, he could unlock his victims’ online lives, including pictures on their cell phones that were backed up to the cloud.

“Getting into these people’s personal lives in a deviant manner excited him,” said Special Agent Emily Celeste, who investigated the case out of the FBI’s Birmingham Division.

(Learn More. Ashley Reynolds was 14 when she was victimized by an online predator in 2009.Courtesy of the FBI and YouTube)

Maldonado stole and downloaded thousands of photos from unsuspecting women for more than a year, and they never knew it until the FBI notified them.

The case came to the FBI’s attention when some of the recipients of Maldonado’s e-mail who were suspicious of the message notified their provider, who, in turn, alerted the Bureau.

Working collaboratively with the company, the FBI was able to trace the e-mails back to Maldonado’s computer in Birmingham, Alabama.

While some of the photos Maldonado stole were explicit, others were simply everyday pictures of children, pets, and family get-togethers.

Unlike some similar cases where stolen information is released to embarrass victims, Maldonado kept the photos on his own computer for his own use.

“You have pictures of your kids all over your phone, family moments, and he harvested them for himself,” Celeste said. “It was just disgusting.”

(Learn More. Courtesy of Wochit Entertainment and YouTube)

“Once somebody obtains your password or can answer your security questions, they’ve opened up your entire world.”

Emily Celeste, special agent, FBI Birmingham

Given Maldonado’s random approach to finding his victims, there was minimal connection among them, although many were models or in the fitness industry.

Some had been romantically involved with Maldonado, some he had found online, and others lived in his community.

After Maldonado accessed one woman’s e-mail, he would then use her contacts list to identify future victims.

Maldonado pleaded guilty in federal court in Birmingham, Alabama in February 2017 to computer intrusion, and a judge later sentenced him to six months in prison and three years of supervised release.

The case is noteworthy because of the perpetrator’s motives and the randomness of the targets, but overall, phishing is a common crime.

According to the FBI’s Internet Crime Complaint Center (IC3) 2016 Internet Crime Report, there were more than 19,000 victims of phishing and related scams last year.

“Number one is not to ever respond to any type of e-mail request with your username and password,” Celeste said.

“Also, definitely be careful what you put out online, especially when it ties back to your security questions. Once somebody obtains your password or can answer your security questions, they’ve opened up your entire world.”

Celeste advises using a diverse array of passwords to protect yourself, so if one password is compromised, a thief cannot easily access other accounts.

“Connecting all of those accounts, like most people do, he was able to have control over their lives, and they didn’t know it,” Celeste said.

(An FBI special agent defines sextortion and provides tips to avoid falling prey to online predators. Courtesy of the FBI and YouTube)

How to Protect Your Computer

The same advice parents might deliver to young drivers on their first solo journey applies to everyone who wants to navigate safely online.

A special agent in our Cyber Division offered the following:

  • “Don’t drive in bad neighborhoods.”
  • “If you don’t lock your car, it’s vulnerable; if you don’t secure your computer, it’s vulnerable.”
  • “Reduce your vulnerability, and you reduce the threat.”

Below are some key steps to protecting your computer from intrusion:

Keep Your Firewall Turned On

A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

Install or Update Your Antivirus Software

Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.

Install or Update Your Antispyware Technology

Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer.

Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser.

Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store.

Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code.

It’s like buying groceries—shop where you trust.

Keep Your Operating System Up to Date

Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes.

Be sure to install the updates to ensure your computer has the latest protection.

Be Careful What You Download

Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software.

Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know.

They may have unwittingly advanced malicious code.

Turn Off Your Computer

With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action.

The downside is that being “always on” renders computers more susceptible.

Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

Risk of Peer-to-Peer Systems

The FBI is educating and warning citizens about certain risks and dangers associated with the use of Peer-to-Peer systems on the Internet.

While the FBI supports and encourages the development of new technologies, we also recognize that technology can be misused for illicit and, in some cases, criminal purposes.

Peer-to-Peer networks allow users connected to the Internet to link their computers with other computers around the world.

These networks are established for the purpose of sharing files.

Typically, users of Peer-to-Peer networks install free software on their computers which allows them to:

  • Find and download files located on another Peer-to-Peer user’s hard drive
  • share with those other users files located on their own computer.

Unfortunately sometimes these information-sharing systems have been used to engage in illegal activity.

Some of the most common crimes associated with Peer-to-Peer networks are the following:

Copyright Infringement:

  • It is a violation of federal law to distribute copyrighted music, movies, software, games, and other works without authorization.
  • There are important national economic consequences associated with such theft.
  • The FBI has asked industry associations and companies that are particularly concerned with intellectual property theft to report to the FBI—for possible criminal investigation and prosecution—anyone that they have reason to believe is violating federal copyright law.

Child Exploitation and Obscenity:

  • The receipt or distribution of child pornography and unlawful obscenity over the Internet also is a serious federal crime.
  • The FBI cautions parents and guardians that, because there is no age restriction for the use of Peer-to-Peer services, pornography of all types is easily accessible by the many young children whose parents mistakenly believe they are only accessing music or movies.
  • In fact, children may be exposed to pornography—and subsequently lured by sexual predators—even though they were not searching for pornography, as some network users deliberately mislabel the names of files for this purpose.

Computer Hacking:

  • Peer-to-Peer networks also have been abused by hackers.
  • Because these systems potentially expose your computer and files to millions of other users on the network, they also expose your computer to worms and viruses.
  • In fact, some worms have been specifically written to spread by popular Peer-to-Peer networks.
  • Also, if Peer-to-Peer software is not properly configured, you may be unknowingly opening up the contents of your entire hard drive for others to see and download your private information.

The FBI urges you to learn about the risks and dangers of Peer-to-Peer networks, as well as the legal consequences of copyright infringement, illegal pornography, and computer hacking.

For more information about the law, visit www.usdoj.gov/criminal.

The FBI takes seriously its mission to enforce the laws against those who use the Internet to commit crime.

To report cyber crime, please contact your local FBI Field Office, or file a complaint through the Internet Crime Complaint Center at www.IC3.gov.