FBI, FTC warn against new form of identity theft
Officials from the FBI and FTC joined with the Internet service provider EarthLink and the National Consumers' League on Monday to warn against a new form of identity theft.
In a press conference, FTC and FBI officials announced the FTC's first prosecution against an individual who allegedly used America Online's corporate logo in unsolicited e-mail to con consumers out of their credit-card numbers and other forms of sensitive personal data.
Criminal charges were not brought against the individual because he is a minor, FTC Commissioner Mozelle Thompson said. "This is our first case, and [we] want to send a little bit of a message," he said. "That amount stolen was a small amount compared to some of the others we have seen out there."
FBI official Keith Lourdeau said the bureau is collaborating with the FTC on bringing criminal charges in other cases. Among the other companies targeted by the scam include eBay and its PayPal division, along with Best Buy, Discover Card and Bank of America.
The practice, knows as "phishing"-as in fishing for consumer data-involves sending fraudulent e-mails purportedly from an Internet service provider (ISP) who needs customers to re-enter their personal data because of a company computer crash.
The e-mail provides a hyperlink to a Web address that looks deceptively like that of the ISP but that is run by the scammer. In the case of the EarthLink phishing scam, the fraudulent e-mail claimed to from EarthLink's billing department and provided the Internet address www.billingdepartment-el.net the bogus site.
Government, business and consumer officials urged people to look carefully at the Web addresses in such e-mails before providing personal information and to look for the "lock" on their Internet browsers indicating that the site mentioned in the e-mail uses Secure Sockets Layer, the industry standard for creating a secure Web site.
"Be very suspicious of e-mails asking for personal information," said Dave Baker, vice president of law and public policy at EarthLink, who added the company has noticed an "uptick in phisher-site e-mails circulating on the Internet this year."
Almost no ISPs ask consumers for personal information-and would never do so via e-mail, he said. And when companies need to authenticate an individual's identity to change account information, they almost always use a log-in screen that requires a password.
In its own statement about "how not to get hooked by a 'phishing' scam," FTC officials urged consumers not to click on the links in e-mails warning that their accounts will be closed unless the consumers reconfirm billing information. "Instead, contact the company cited in the e-mail using a telephone number or Web site address you know to be genuine," the agency advised.
"Don't take the bait," Thompson said. "If you do receive an e-mail warning like this, don't click on the link."