Internet Scammers Go 'Phishing'; Steal Personal Information by Imitating Legit Web Sites
Byline: Tim Lemke, THE WASHINGTON TIMES
The FBI yesterday warned Internet users about a sinister new connection between e-mail spam and Web sites designed to steal personal information.
The FBI joined the Federal Trade Commission to tell reporters the agencies have received increasing complaints of "phisher" Web sites, which try to dupe people into providing phone, credit-card and Social Security numbers over the Internet.
Typically, Internet users are directed to the sites by e-mails made to look like they come from legitimate companies.
The FTC said it settled civil charges with a teenager in California who used phisher sites to gather credit-card information from users of America Online. The teen agreed to pay $3,500 to settle the case, the FTC's first action against someone operating a phisher site.
"Consumers were told that their account would expire unless they updated certain personal information," FTC Commissioner Mozelle Thompson said. "The defendant then used the information to go on a shopping spree."
The FTC said the teen collected customer names and a host of personal financial information including credit card numbers, Social Security numbers, billing routing numbers and personal identification numbers. He used the information to make purchases online.
The penalty would have been more severe if the teen were an adult, Mr. Thompson said.
Earthlink, the nation's third-largest Internet service provider, and the National Consumers League cautioned consumers about the sites.
In an example displayed by Earthlink yesterday, a consumer received an e-mail disguised to look like it was sent by Earthlink's customer-service department. The e-mail said the company had lost information relating to the user's Internet account and directed the user to a Web site where he was asked to enter requested information.
America Online, EBay, Best Buy and other companies have reported that their Web sites have been imitated in similar fashion.
"This is something you will never see from a legitimate company," said David Baker, Earthlink's vice president for law and public policy.
Mr. Baker said it is "exceedingly unlikely" that a company would request information it already had collected. …