UK Phisher Pleads Guilty to Just Eat Scam

A Kent man is facing several years behind bars after pleading guilty to running a large-scale phishing operation against Just Eat customers several year ago.

Around 165,000 victims had data stolen by Grant West, 26, from the Isle of Sheppey.

Between July and December 2015 he’s said to have spammed netizens with fake emails spoofed with branding from the delivery service company. They were offered a ‘£10 gift voucher’ for answering questions about the service, and of course handing over their personal details, including names, addresses and card details.

West is said to have made more than £180,000 by selling the details on the now-closed Alpha Bay dark web marketplace under the moniker “Courvoisier”.

Officers claimed he also tried to phish customers from multiple other online vendors: from “Argos to Uber,” according to the BBC.

It’s unclear where West purchased the millions of emails he’s said to have used to launch these campaigns, although that would be a pretty easy job on the dark web.

Commenting on the story, one Twitter user seems to have had personal experience of the case from a cybersecurity perspective, inside Just Eat:

“We had a very small but dedicated security team @justeat_tech @JustEatPLC a few years ago. Incensed when this guy started screwing with our customers we bust a gut on evidence collection and attribution, working closely with @CityPolice. Result!!”

Although West did his best to obfuscate his activity, police finally tracked the IP address of his girlfriend’s laptop, and captured the unlocked device as he was travelling from Rhyl to London, springing their trap in the first class carriage.

They reportedly found the financial details of 100,000 victims on the laptop, and then a further SD card at his home loaded with 63,000 debit and credit cards, seven million email addresses with passwords, and details of over 500 companies.

They also found £25,000 in cash and half a kilogram of cannabis, which he sold online alongside hacking guides.

West will be sentenced at the end of the month, although he's suspected of having accomplices. Infosecurity has reached out to the Twitter user for more details.

What’s Hot on Infosecurity Magazine?