$400k salon cyber fraud charges bad hair day for suspect

Updated on: 09 December 2022

Damien Black
Senior Journalist

Hoodie person holding credit card and laptop — Image by Shutterstock

A man has been arrested and charged with hacking into a hair salon chain headquartered in New York to steal hundreds of thousands of dollars in credit card payments – without setting foot in a single outlet.

The US Department of Justice (DoJ) announced the collar as US Attorney Damian Williams brought the charges in a New York federal court against Foster Cooley, 23, of Arizona.

“Foster Cooley allegedly participated in a scheme to hack into a salon company’s point-of-sale provider and steal over $400,000 of credit card payments from its customers,” said Williams. “And because Cooley was able to steal this money without stepping foot into one of the salons he stole from, his crimes went undetected for weeks.”

Cooley is accused of using malware to secretly steal usernames and passwords belonging to employees of the hairdressing firm, which has outlets in New York, New Jersey, and Colorado. He then allegedly used this information to access branch credit card details that had been saved in victims’ internet browsers.

After gaining this access, Cooley changed the bank accounts originally set up to receive payment transfers from salon branches, redirecting payments to ones controlled by himself and his associates, the DoJ alleges.

This allegedly allowed Cooley to run a two-week scam beginning around May this year that is said to have netted him more than $430,000 in customer payments to salon branches. These earnings were originally destined for the controlling company’s head office.

“Hacks like this that compromise the integrity of our electronic payment systems cause great harm to businesses and consumers alike,” said Williams. “Thanks to this office’s teamwork with the FBI, Cooley is now facing serious criminal charges for his alleged cybercrimes.”

If convicted of the several crimes he has been charged with, Cooley potentially faces serious time behind bars: the single count of wire fraud brought against him carries a maximum tariff of 20 years in jail, while causing damage to a protected computer through fraud has a maximum 10-year term.

The Federal Bureau of Investigation (FBI), which helped to secure the arrest of suspect Cooley, added: “If your business is the victim of a cyber intrusion, please report it as soon as possible. The faster we are made aware, the sooner we can provide assistance."