By Mary Anne Ostrom, San Jose Mercury News, Calif. Knight Ridder/Tribune Business News
Jul. 22--There's a new Internet fraud scheme you can add to your list: Phishing.
In what the FBI Monday called "the hottest, and most troubling, new scam on the Internet," criminals are sending out millions of fake e-mails to trick online consumers into divulging personal and financial information.
The legitimate-looking e-mails appear to come from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo and America Online, and big-name banks and retailers.
In fact, tech-savvy criminals are collecting the information to commit credit-card fraud, identity theft and even unauthorized bank account transfers from unsuspecting consumers.
The problem has mushroomed this summer, prompting a warning Monday from the Federal Trade Commission and FBI for consumers to beware of criminals fishing for personal identification and financial information.
"Call it 'phishing', carding or brand spoofing, it's increasing in prevalence," said Eric A. Wenger, an attorney with the FTC who helped prepare the agency's first law enforcement action targeting the activity.
The phishers spam consumers with bogus re...uests for a wide range of personal information, ranging from bank account information to credit card numbers to ATM PIN numbers. They direct recipients to phony Web sites that closely resemble look legitimate corporate sites.
They hook consumers to give up personal information by claiming billing information needs to be updated or has been lost.
In more brazen versions, the perpetrators actually suggest that the consumer is a victim of fraud and needs to share the information to avoid a fraudulent credit card charge or to prevent more fraud. Other times, the e-mail offers a chance for a prize, a Mercedes Benz CLK in one case, if a consumer shares personal data.
Some of the culprits are sophisticated Web criminals. But some are just teens.
Take the case of the 17-year-old Los Angeles-area youth who scammed more than $8,000 worth of goods and services, including a laptop and a subscription to online adult-oriented sites. He sent fraudulent e-mails to AOL subscribers, saying there was a problem with their accounts and asking for new credit card numbers. He used that information to set up accounts at eBay-owned PayPal, which he used to make the purchases.
The defendant's AOL look-alike Web page directed consumers to enter the new card numbers. It also asked for mothers' maiden names, social security numbers, bank routing numbers, credit limits, and AOL screen names and passwords. The scheme allowed him to "plunder consumers' credit and debit card accounts and assume their identity online," the FTC said.
The teen has settled with the FTC by paying a $1,400 fine, forfeiting some of the goods and promising never again to send junk e-mail, the agency said.
That case, announced Monday, follows on the heels of a major brand spoofing case last month, when thousands of Best Buy customers received a junk e-mail declaring "Fraud Alert." Citing possible credit card fraud, the e-mails directed consumers to a "special Fraud Department page" supposedly run by Best Buy that asked for the recipients' Social Security and credit card numbers.
News accounts about the phony Best Buy e-mails may have incited more criminals to act, said Linda Foley, co-director of San Diego-based Identity Theft Resource Center.
And in one recent scam, e-mails supposedly from MSN said that technical difficulties arose with July 2003 billing updates. To avoid being terminated, the e-mail urged consumers to enter personal financial information at a "secure online account center." It also offered a bogus customer support phone number, but warned of an average 45-minute hold time on the phone. Microsoft confirmed it was a fraud.
The red flags are not always obvious, said FTC spokeswoman Claudia Bourne Farrell. In the case of the L.A. teen, when consumers clicked on the link, they landed on a site that contained AOL's logo, colors and even links to real AOL Web pages.
If a consumer has even the slightest suspicion, "Do not ever click on those hyperlinks," she said.
While the first reports of "phishing" date back two years, this summer has seen a noticeable uptick.
"We've been bombarded with eBay and PayPal scams" recently, said Foley, seeking "everything about you but your blood type."
Such bogus e-mailing prompted eBay last year to launch spoof@ebay.com, where people can forward suspicious e-mails. EBay said it will never ask online for a password.
EBay spokesman Kevin Pursgove said the company has had seen about the same volume of complaints over the last six months, but acknowledged that e-mail scammers are getting more sophisticated.
"As our anti-fraud tools have more success, they are getting more brazen," he said.
GONE PHISHING
Phishing is the use of spam to dupe consumers into revealing sensitive information such as credit card and bank account information. The e-mails pretend to be from high-profile businesses and direct recipients to "validate" their billing information at a Web site that mimics the legitimate one. The scammer typically uses the information to steal identities and commit financial fraud.
TIPS TO AVOID SCAMS
Don't click a link in an e-mail that warns your account will be shut down unless you reconfirm your billing information. Contact the legitimate company using a phone number or Web site address you know to be genuine.
Avoid e-mailing personal and financial information. Before submitting such data through a Web site, look for the "lock" icon that signals the information is secure.
Immediately review credit card and bank account statements for unauthorized charges.
Send suspicious e-mails to uce@ftc.gov and go to www.ftc.gov/idtheft for more information.
Source:Federal Trade Commission
To see more of the San Jose Mercury News, or to subscribe to the newspaper, go to http://www.mercurynews.com.
(c) 2003, San Jose Mercury News, Calif. Distributed by Knight Ridder/Tribune Business News.
EBAY, PYPL, MSFT, YHOO, AOL, DCX, BBY,
Комментариев нет:
Отправить комментарий