- The Washington Times - Monday, July 21, 2003

The FBI yesterday warned Internet users about a sinister new connection between e-mail spam and Web sites designed to steal personal information.

The FBI joined the Federal Trade Commission to tell reporters the agencies have received increasing complaints of “phisher” Web sites, which try to dupe unsuspecting people into providing phone, credit-card and Social Security numbers over the Internet.

Typically, Internet users are directed to the sites by e-mails made to look like they come from legitimate companies.

The FTC said it settled civil charges with a teenager in California who used phisher sites to gather credit-card information from users of America Online. The teen agreed to pay $3,500 to settle the case, the FTC’s first action against someone operating a phisher site.

“Consumers were told that their account would expire unless they updated certain personal information,” FTC Commissioner Mozelle Thompson said. “The defendant then used the information to go on a shopping spree.”

The FTC said the teen collected customer names and a host of personal financial information including credit-card numbers, Social Security numbers, billing routing numbers and personal identification numbers. He used the information to make purchases online.

The penalty would have been more severe if the teen were an adult, Mr. Thompson said.

Earthlink, the nation’s third-largest Internet service provider, and the National Consumers League cautioned consumers about the sites.

In an example displayed by Earthlink yesterday, a consumer received an e-mail disguised to look like it was sent by Earthlink’s customer-service department. The e-mail said the company had lost information relating to the user’s Internet account and directed the user to a Web site where he was asked to enter requested information.

America Online, EBay, Best Buy and other companies have reported that their Web sites have been imitated in similar fashion.

“This is something you will never see from a legitimate company,” said David Baker, Earthlink’s vice president for law and public policy.

Mr. Baker said it is “exceedingly unlikely” that a company would request information it already had collected.

Consumer groups said phisher sites are dangerous because they are so deceptive. Creators of the sites take great care in making them look realistic, even masking their e-mail addresses with phony addresses of the company they are pretending to be.

“Most of us move quickly through our e-mail, eliminating obvious spam,” said Linda Golodner, president and chief executive of the National Consumers League. “This one is not obvious.”

Mr. Baker called e-mails linking to phisher sites the “worst kind of spam.”

Identity theft is the top complaint received by the FTC during each of the past three years. The commission expects to receive 210,000 complaints of identity theft this year, up from 1,380 in 1999.

Mr. Thompson said the case involving the California teen would be used as an example of how the FTC is capable of catching those responsible for phisher sites.

“I’m here today to put you on notice that if you engage in identity theft, we will hunt you down and find you and prosecute you to the fullest extent of the law,” Mr. Thompson said.

The FBI is investigating specific phisher sites, said Keith Loudreau, chief of the bureau’s cybercrime division. He declined to reveal the number of active cases but said ongoing investigations led the FBI to suspect Internet users in Russia and other former Soviet republics.

Mr. Loudreau said the FBI is taking reports of phisher sites seriously because tracking down those involved in identity theft is part of the bureau’s efforts to stop terrorism. He said terrorists are known to use stolen information to obtain driver’s licenses and other documentation.

The specific number of complaints about phisher sites is not known, because the FTC and FBI do not break down complaints of identity theft by type.

But Mr. Baker, from Earthlink, said phisher sites are relatively rare. And he said the majority of Internet users do not fall victim.

Nevertheless, he and the FTC suggested that users be wary of any e-mail asking for personal information or any Web site that is unfamiliar. Earthlink asked customers to contact the company directly if they are not sure about an e-mail or Web site.

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2020 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.


Click to Read More and View Comments

Click to Hide