, Washington Post 2003-07-24
A Los Angeles 17-year-old has settled charges that he used fake Web pages to lure consumers to provide credit card numbers and other personal data, the Federal Trade Commission announced yesterday in a crackdown on a growing form of Internet fraud.
The case against the teenager, who was not identified, is the first brought by the FTC that targets "phishing," a pernicious scam that marries e-mail spam with identity theft. The term is used by computer vandals who go fishing for information. The FBI and Justice Department also investigated the case.The action comes as reports of identity theft are soaring. The FTC said it logged 161,886 complaints last year, and is on track to record more than 200,000 this year.
Separately, the business research group Gartner Inc. released a survey yesterday that showed the problem might be far bigger than the FTC numbers suggest. The Gartner survey estimated that 7 million U.S. adults were victims of identity theft in the year ending last month, a 79 percent increase over the previous year.
Most identity theft still occurs in the off-line world. But at a news conference yesterday, Internet service provider Earthlink Inc., the FTC, the FBI and the National Consumers League warned that phishing is a dangerous new trend.
The scam artists send fraudulent e-mails to unsuspecting customers of service providers or retailers with whom consumers regularly do business. The e-mails are doctored to look like they came from the provider and claim that they need the consumer to verify his or her account information.
Consumers are asked to click on a link that directs them to a "phisher" page, which is designed to mimic the service provider's site. The page asks the user to re-submit his or her personal information for the account, sometimes including passwords and Social Security numbers.
The information is captured by the scam artist, who can use it to make purchases, invade bank accounts and otherwise steal someone's identity.
In the Los Angeles case, the teenager created a fake America Online member page. FTC officials said the youngster was able to run up about $8,000 in purchases using credit data he had obtained.
Other prominent firms, such as Earthlink, eBay, its payment subsidiary PayPal, and electronics retailer Best Buy all have been targeted.
Under terms of the settlement, the teen agreed to surrender $3,500 in ill-gotten gains, including his computer, and to never send spam again.
Officials at the news conference advised consumers to never respond to such e-mails. They said a prominent clue is when the e-mail claims the information is necessary because of a computer crash or other calamity.
"No reputable company will ask you for that kind of information" in that manner, said David Baker, Earthlink's head of public policy.
The Gartner survey, based on about 2,400 replies to a mailing of about 600,000 households, criticized the financial services industry for not doing enough to stop identity theft.
"They don't know the extent of the problem," said Avivah Litan, a Gartner vice president and the Stamford, Conn., company's research director. She said that when scam artists apply for credit using someone else's identity, financial institutions "just write it off as a credit loss. They have no reason to suspect it's identity theft."
Litan said financial service providers need to be tougher when people apply for credit.
Nessa Feddis, senior federal counsel for the American Bankers Association, was dubious about the Gartner numbers.
She said that although identity theft is not an overwhelming percentage of overall fraud, it is a top priority for banks.
"There's much more vigilance now," Feddis said. "It's gotten much more sophisticated."
FTC officials say they worry that too much identity theft still goes unreported.
