FBI warns about bogus sites collecting personal data
Date: July 22, 2003
The FBI and consumer organizations issued a warning on Monday about a growing fraud scheme involving e-mails that lure people to fake websites to collect sensitive personal or financial data.
The scam involves e-mail that links users to sites that are designed to look like legitimate sites and deceive consumers into revealing credit card or bank account numbers or other sensitive data.
The scam, which has developed in the past few months, has tricked customers of big retailers such as Best Buy, the Internet payment site Paypal and EarthLink, a major Internet service provider.
Investigators term the fake websites "phisher" sites, saying they are simply a vehicle to steal information and probably money.
"This is the hottest new scam on the Internet," said Keith Lourdeau of the FBI's cybercrime division, who spoke at a news conference on the subject on Monday.
Lourdeau said the FBI was investigating at least 600 complaints involving the "phisher" scam.
The FBI official added that the scam could be used for credit card fraud, bank fraud or identity theft, possibly even to create false identities for terrorist activity.
He said that in one case, the scam collected credit card numbers that were "sent abroad to criminals who used the stolen credit cards throughout Europe."
The e-mail purports to be from the legitimate company, officials said, and indicate that the firm has lost some data and needs to verify the recipient's identity.
Some reports have linked the scam to organized crime, possibly in Russia. But at least one scheme was hatched by a 17-year-old in the United States, who used stolen credit card information for a shopping spree of several thousand dollars, said Mozelle Thompson, a member of the Federal Trade Commission.
Thompson said the agency, which can obtain civil penalties, was working with the FBI and other agencies on investigations.
"For those of you who engage in this, we are putting you on notice," he said. "We will hunt you down and find you and prosecute you to the fullest extend of the law."
EarthLink organized Monday's news conference after learning that spammers were luring its customers to a fake EarthLink website to collect personal data.
Although the scheme has victimized some sophisticated users, EarthLink vice president Dave Baker said legitimate companies will almost never send out e-mail like that seeking to collect sensitive data.
He said the scammers often use complicated Web address that may contain the name of the company. But users would be advised to call the company or go to the main website, instead of clicking on a link from an e-mail, and logging on with a password before providing key data.
"Consumers must always be very suspicious when asked for personal information, especially when asked by companies or organizations that should already have the information," said Linda Golodner, president of the National Consumers League, which runs the Internet Fraud Watch program with the FBI.
Meanwhile, a separate report by research firm Gartner Inc said at least seven million Americans, or some 3.4 per cent of the adult US population, have been victims of identity theft, up 79 per cent from a year ago.
But Gartner said identity thieves appear to use low-tech methods at least as often as the Internet.
Original article: http://www.hindustantimes.com/news/181_315842,00030010.htm
^macro[showdigestcomments;^uri;FBI warns about bogus sites collecting personal data]