A man from Arizona was detained and charged for hacking into a hair salon chain with its headquarters in New York in order to steal hundreds of thousands of dollars. This was done completely remotely, without the suspect ever physically entering any of the chain’s locations.
The information was made public by the US Department of Justice (DoJ): Foster Cooley, 23, was charged in a federal court in New York by US Attorney Damian Williams.
Foster Cooley allegedly participated in a scheme to hack into a salon company’s point-of-sale provider and steal over $400,000 of credit card payments from its customers. And because Cooley was able to steal this money without stepping foot into one of the salons he stole from, his crimes went undetected for weeks. Hacks like this that compromise the integrity of our electronic payment systems cause great harm to businesses and consumers alike.
Statement from U.S. Attorney Damian Williams
How Did the Scam Take Place?
Cooley is accused of using malware to steal the usernames and passwords of employees of the New York, New Jersey, and Colorado locations of the hairdressing company. He allegedly used this information to get into victims’ internet browsers and access their saved credit card information, explains Cyber News.
The DoJ revealed that after Cooley got this access, he changed the bank accounts that were set up to receive payments from salon branches. He then redirected payments to accounts that he and his associates controlled.
Using this method, Cooley allegedly ran a two-week scam beginning in May of this year, in which he stole over $430,000 from customers at various salon locations. The original destination of these funds was the headquarters of the controlling company.
If found guilty of all the charges against him, Cooley could spend many years in prison. The maximum sentence for a single count of wire fraud against him is 20 years, and the maximum sentence for causing damage to a protected computer through fraud is 10 years.
The FBI’s Cyber Task Force along with our law enforcement partners are committed to tracking down malicious hackers who target private businesses and ensuring they face the consequences for their actions. If your business is the victim of a cyber intrusion, please report it as soon as possible; the faster we are made aware, the sooner we can provide assistance.
Added Michael J. Driscoll, FBI Assistant Director in Charge.
United States Attorney’s Office full press release is available here.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.