Identity Thief Goes Phishing for Consumers Credit Information
From The Federal Trade Commission
An identity thief who allegedly used hijacked corporate logos and deceptive spam to con consumers out of credit card numbers and other financial data has agreed to settle Federal Trade Commission charges that his scam violated federal laws. If approved by the court, the defendant, a minor, will be barred for life from sending spam and will give up his ill-gotten gains.
The FTC alleged that the scam, called phishing, worked like this: posing as America Online, the con artist sent consumers e-mail messages claiming that there had been a problem with the billing of their AOL account. The e-mail warned consumers that if they didnt update their billing information, they risked losing their AOL accounts and Internet access. The message directed consumers to click on a hyperlink in the body of the e-mail to connect to the AOL Billing Center. When consumers clicked on the link they landed on a site that contained AOLs logo, AOLs type style, AOLs colors, and links to real AOL Web pages. It appeared to be AOLs Billing Center. But it wasnt. The defendant had hijacked AOLs identity and was going to use it to steal consumers identities, as well, the FTC alleged.
The defendants AOL look-alike Web page directed consumers to enter the numbers from the credit card they had used to charge their AOL account. It then asked consumers to enter numbers from a new card to correct the problem. It also asked for consumers names, mothers maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers, and AOL screen names and passwords - the kind of data that would help the defendant plunder consumers credit and debit card accounts and assume their identity online.
According to the FTC, the defendant used the information to charge online purchases and open accounts with PayPal. In addition, he used consumers names and passwords to log on to AOL in their names and send more spam. Finally, he recruited others to participate in the scheme by convincing them to receive fraudulently obtained merchandise he had ordered for himself.
The agency charged the defendants practices were deceptive and unfair, in violation of the FTC Act. In addition, the FTC alleged that the defendants practices violated provisions of the Gramm-Leach-Bliley Act designed to protect the privacy of consumers sensitive financial information.
Phishing is a two time scam, said Timothy J. Muris, Chairman of the FTC. Phishers first steal a companys identity and then use it to victimize consumers by stealing their credit identities. This is the FTCs first law enforcement action targeting phishing. It wont be the last.
The settlement would bar the defendant from future violations of the FTC Act and the Gramm-Leach- Bliley Act. It also would bar the defendant from sending spam in the future. In addition, the order would require the defendant to give up $3,500 in ill-gotten gains.
An FTC Consumer Alert, How Not to Get Hooked by a ‘Phishing Scam warns consumers who receive e-mail that claims an account will be shut down unless they reconfirm their billing information not to reply or click on the link in the e-mail. Consumers should contact the company that supposedly sent the message using a telephone number or Web site address they know to be genuine. More tips to avoid phishing scams can be found at http://www.ftc.gov/bcp/conline/edcams/spam/coninfo.htm
The Commission vote to authorize staff to file the complaint and stipulated final judgment and order was 5-0. It will be filed in the U.S. District Court for the Central District of California in Los Angeles and is subject to court approval.
This case was brought with the invaluable assistance of the Department of Justice Criminal Divisions Computer Crimes and Intellectual Property Section, Federal Bureau of Investigations Washington Field Office, and United States Attorney for the Eastern District of Virginias Computer Hacking and Intellectual Property Squad, the United States Postal Inspectors and the Los Angeles District Attorneys High Technology Crimes Unit.
NOTE: Stipulated final judgments and orders are for settlement purposes only and do not constitute an admission by the defendant of a law violation. Consent judgments have the force of law when signed by the judge.
Copies of the complaint and stipulated final judgment and order for permanent injunction are available from the FTCs Web site at http://www.ftc.gov and also from the FTCs Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint, or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1 877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
Back To The Top
Bud's CDs FREE MP3s Home