'Phishing' scams reel in your identity
Feds pursue culprits, warn consumers
By Jeordan Legon
Earthlink's Chief Privacy Officer Les Seagraves said the company is getting tough on 'phishing' scams.
E-mail filtering firms offer these tips for consumers to fight the 'phishing' scam:
Don't trust e-mail headers, which can be forged easily.
Avoid filling out forms in e-mail messages. You can't know with certainty where the data will be sent and the information can make several stops on the way to the recipient.
Try not to click on links in an e-mail message from a company. Too many scam artists are making forgeries of company's sites that look like the real thing.
If you go to a link offered in an unsolicited e-mail, check to see if there is an 's' after the http in the address and a lock at the bottom of the screen. Both are indicators that the site is secure.
If you want to do business online, don't click on an e-mail link. Go to the company's Web site yourself and fill out information there.
(CNN) -- The Web sites look real and the information sought seems justified. But it's really the latest form of e-mail scam, called "brand spoofing," "carding" or "Phishing."
The official-looking messages tell recipients that, because of technical problems, billing information and social security numbers for their accounts must be resubmitted. Scam artists recreate pages using information from legitimate Web sites in hopes of fooling consumers into providing their personal data.
"Phishing is a two time scam," FTC Chairman Timothy Muris said. "Phishers first steal a company's identity and then use it to victimize consumers by stealing their credit identities."
On Monday, the Federal Trade Commission filed their first action against a suspected phisher, a 17-year-old California boy who allegedly used a page made to look like America Online to scam people out of their credit card numbers.
It's all part of the growing trend of identity theft, the FTC said. Reports of stealing a person's financial information surged 88 percent to 162,000 last year, from about 86,000 in 2001, according to the agency.
The FTC and Internet security firms say companies hit by the phishing scams in the last few months include Best Buy, UPS, Bank of America, PayPal and First Union Bank.
Difficult to catch
The nation's third-largest Internet Service Provider Earthlink also has been targeted. And while the ISP said occurrences are still relatively rare, the financial impact on victims of such scams can be severe.
"These people know what they're doing," Earthlink's Chief Privacy Officer Les Seagraves said of the scams. "We've filed civil lawsuits. We've worked with the FBI and other law enforcement to track them down. So we're working on it, but they've done a pretty good job of covering their tracks."
Spammers mask their identities by using a wide array of computer servers, opening and closing their operations quickly and working outside the United States. All of this makes it more difficult for U.S. law enforcement to catch up with them.
But the FTC said scammers should beware, because the agency, working with the FBI and the Department of Justice Criminal Division's Computer Crimes, expects to crack down on the practice.
Pay back stolen cash
If approved by the court, a California teen reprimanded Monday will be banned for life from sending spam and will have to pay a $3,500 fine, the FTC said. Because of his age, his name was not released and officials said it is unlikely he will face criminal charges.
"This is the FTC's first law enforcement action targeting phishing. It won't be the last," Muris said.