Skip to main content

Hacker allegedly stole $2 million worth of airline tickets through phishing scam

airport self check in kiosk
A Cameroon-born hacker has been extradited to the U.S. after being arrested for illegally obtaining a whopping $2 million worth of plane tickets through a vast phishing email campaign.

Eric Donys Simeu is accused of targeting employees of several different airlines and travel companies in the U.S. with fake emails that requested their login credentials. Using the stolen credentials, he allegedly issued numerous flight tickets that he either used himself or sold to travelers in West Africa at a fraction of their actual cost.

Simeu, who was also caught using the fake identity Martell Collins, specifically targeted employees who had access to the Global Distribution System (GDS) used by travel companies to access their servers and carry out operations, including the issuing of tickets.

He perpetrated his phishing campaign on two particular companies in Texas and Georgia that utilize GDS, which is how he got on the radar of U.S. authorities. The companies have not been named but it is known that the phishing campaign extended from July 2011 to September 2014.

Simeu used one of the fraudulent boarding passes in September 2014 to travel from Morocco to France with a fake U.K. passport bearing the name of Martel Collins. He ended up being arrested with the assistance of French authorities and was extradited last week, according to the U.S. Department of Justice.

“Cybercrime is borderless, but increasingly, so too are our law enforcement capabilities,” said U.S. Attorney John Horn, adding that international cooperation between different agencies was key in the hacker’s arrest.

Simeu has been landed with federal charges of conspiracy, wire fraud, computer fraud, and access device fraud. The case against Simeu is still currently being investigated by the FBI and the State Department Diplomatic Security Service.

“Those who target U.S. companies and citizens through cyber attacks and spear phishing emails can no longer be confident they will remain anonymous and be protected by geographic boundaries,” said J. Britt Johnson, an agent from Atlanta’s FBI field office.

“This arrest and extradition serves a strong deterrent to those targeting the computer networks of U.S. companies and U.S. citizens. It should also serve as a reminder to the public to be vigilant and aware they are frequently targeted through fraudulent emails seeking to steal their personal information.”

Editors' Recommendations