In December 2024, we reported about a criminal scheme that saw Apple customers buying MacBooks through the Apple online store for pickup at local Apple retail stores coming up empty-handed. Numerous buyers reported placing their orders online and being notified that their order was ready for pickup, only to find that when they arrived at the Apple store, that bad guys had impersonated them and had walked out with their laptops before they could arrive at the store.
One of the victims, Yorba Linda resident Paul Giles, found out that someone posing as him had picked up his 16-inch MacBook Pro that he had intended to give as a gift to his daughter. This was at the Americana at Brand Apple Store, where other thefts also occurred.
Giles says the theft was pulled off in the matter of around four hours.
“From the time I got the initial email from Apple saying it’s ready to pick up and the time that they actually went to the store to pick it up,” Giles said.
“It was someone who impersonated me. Showed the ID, showed the QR code that was through the email system and with that, ‘Paul Giles’ got the laptop,” Giles said.
Giles said the manager at Apple told him, ‘Oh, I’m sorry this happened. Somebody apparently impersonated you and picked it up.’”
Now KNBC-TV in Los Angeles reports that two suspects have been arrested and charged with fraud in connection with eight thefts of laptops like the MacBook.
The Glendale Police Department says the pair impersonated actual customers who had ordered laptops for pickup at Apple stores and other businesses, using fake IDs and QR codes to walk out with the laptops.
Giles said a detective told him that the information is available for purchase on the dark web, once a purchase is made, they are then informed where to pick up their ill-gotten gains.
“It’s really easy to get this information,” said Jim Stickley, a cybersecurity expert. “You can jump on the dark web. There’s sites that are literally dedicated to selling just these types of information.”
Stickley said that in many cases, victims are not aware that their emails have been compromised.
“Everything’s in the cloud now, so they’ll access your email,” he said. “So once they gain access, they’ll just put a rule in that basically forwards all of your emails. So now you get a copy and they get a copy and you’d have no idea.”
Police have yet to release the name of the arrested pair and they are still in search of a third accomplice.