Byline: Stanley A. Miller II
MILWAUKEE _ Spam e-mail and phony Web sites are increasingly trying to trick consumers into giving away their personal and financial information, according to the FBI and Internet experts.
Several large businesses _ including banks, Internet service providers and online merchants _ have been targeted recently by people who send out "spoofed" e-mail masquerading as messages from the companies' accounting or customer service departments.
The scam artists send out unsolicited e-mail that typically tells recipients their account information is incomplete or expired and provides a link to fake Web pages called "phishing sites," where the victims are asked to type in their data. The spam e-mail looks like it came from the legitimate company.
When people plug their personal information into the phishing Web sites _ often near-perfect replicas of real sites _ the data is sent to thieves, not legitimate companies.
"Bogus e-mails that try to trick customers into giving out personal information are the hottest and most troubling new scam on the Internet," Jana Monroe, assistant director of the FBI's Cyber Division, said in a statement. The FBI issued a warning Monday about the phony e-mail messages.
The FBI says Web spoofing scams are contributing to a rise in identity theft, credit card fraud and other Internet scams. The agency's Internet Fraud Complaint Center has seen a steady increase in complaints from consumers who were directed to phony "customer service" Web sites by unsolicited e-mail.
The number of online fraud complaints the agency received rose 67 percent last year to more than 75,000, and consumers reported losses from online fraud totaling $54 million, the agency reports.
The Federal Trade Commission reported earlier this year that cases of identity theft increased about 88 percent last year, with 161,800 identity theft complaints, up from 86,200 in 2001. Identity theft accounted for 43 percent of all its fraud complaints, according to the report.
(EDITORS: BEGIN OPTIONAL TRIM)
John Ecker II of The Park Net, a Brookfield, Wis., Internet service provider, said e-mail spoofing requires no technical expertise, and companies hosting scam Web sites might not even be aware of it because they are victims, too.
"I'd encourage people to have a healthy suspicion of spam, period, whether it seems legitimate or not," he said. "Always check the URL (Web address). If it says it is coming from Capital One, then it better be going to capitalone.com."
(END OPTIONAL TRIM)
Last month, some Earthlink subscribers received what appeared to be an e-mail from the company's technical support department. Their account information was not up-to-date, the message said, and if they wanted to avoid an interruption in service, they should fill out the form and send it back.
"If you do not update your credit or debit card information you may no longer be able to use Earthlink," the fake message claimed.
It asked for a credit card number, e-mail password and other sensitive information.
(EDITORS: BEGIN OPTIONAL TRIM)
Carla Shaw, an Earthlink spokeswoman, said the company's network abuse team has seen a rising tide of phishing expeditions. The company blocks access to scam Web sites when it learns of them. The company also contacts the firms hosting the phishing Web sites and asks them to be shut down.
"These scams are increasing," she said. "We have also seen an increase in sophistication."
Earthlink spotted phishing frauds about once a month last year; this year, the company encounters one or two a week.
(END OPTIONAL TRIM)
Large Internet service providers such as Earthlink _ which has about 5 million subscribers _ are big marks for spammers looking for phishing victims. Several companies running e-commerce operations have been targeted, including the online payment service PayPal and electronics retailer Best Buy.
Carol McKay, spokeswoman for the National Consumers League, a non-profit consumer group in Washington, said scammers recently mass e-mailed a fake message with the subject line: "Best Buy Order ... Fraud Alert," telling recipients that someone had made suspicious purchases in their names. It asked the recipient to contact Best Buy by clicking a link in the e-mail that would then take them to a fake Web site for Best Buy's fraud department.
On the site, people were asked to enter credit card and Social Security numbers, then click to send it to those running the scam.
Any company doing business on the Internet _ and any person using their services _ could get hooked.
(EDITORS: STORY CAN END HERE)
"Before March, we had not seen anything like this, but from March until now, we have seen five or six a month," said Susan Getgood, a senior vice president at SurfControl in Scotts Valley, Calif., which makes Web and e-mail filtering software.
Getgood said that scammers use phishing to cast a wide net because "they just need to get a few of you."
"Spam is the organized crime of the Internet, and this is the ultimate crime to date because it damages the victim, and it is also damages the brand of the companies."
___
AVOIDING INTERNET SCAMS:
Advice from the FBI for consumers to avoid Internet scams that use fake e-mail and Web sites to steal information:
_ Be wary of unsolicited e-mail that asks, either directly or through a Web site, for personal financial or identity information, such as a Social Security number or passwords.
_ Don't click on the links provided in such e-mail.
_ When updating account information, use a familiar process, such as visiting the known Web address of a company's account maintenance page. Unfamiliar addresses for this probably are fake.
_ Make sure an Internet connection is secure _ with an icon of a lock visible on the Web browser _ before submitting personal information.
_ Monitor credit card and bank statements for unauthorized charges.
_ If an e-mail or Web site is in doubt, make sure the request is authentic by contacting the company directly by phone or through a Web site or e-mail address known to be authentic.
People victimized by a fraudulent e-mail or Web site should contact their local police department and file a complaint with the FBI and the FTC. Consumers also should report fraudulent or suspicious e-mail to their Internet service provider.
___
Visit JSOnline, the Journal Sentinel's World Wide Web site, at http://www.jsonline.com/
Distributed by Knight Ridder/Tribune Information Services.
(c) 2003, Milwaukee Journal Sentinel.
No comments:
Post a Comment