Phishing in cyberspace has nothing to do with camp followers of the popular improvisational rock band. But it does have everything to do with identity thieves who post lookalike Websites and lookalike spam to bilk consumers of their credit and financial data. And both the government and at least one Internet service provider are casting their nets to pull as many phish out of the cybersea as possible.
The Federal Trade Commission has a tentative settlement with a teenage phish who posed as America Online, spammed thousands claiming problems with their AOL billing could lead to losing their AOL accounts. This kind of scam is called "phishing" and the teen in question agreed to settle for $3,500 and signed an agreement to send no more junk e-mail again – ever.
“Phishing is a two time scam,” said FTC chairman Timothy J. Muris in a statement. “Phishers first steal a company’s identity and then use it to victimize consumers by stealing their credit identities. This is the FTC’s first law enforcement action targeting phishing. It won’t be the last.”
And EarthLink has announced it was joining the FTC and the National Consumer Union in a campaign to warn Internet users and other consumers about phishing scams, which use not just ISPs but e-tailers, brick-and-mortar retailers, online auctioneers like eBay, and other businesses and services. EarthLink also said they would sue any phishing scammer they can identify as soon as possible once the identifications are made.
EarthLink isn't exactly a lightweight rowboat when it comes to harvesting spammers. In May, they bagged a $16.4 million judgment against the infamous Buffalo Spammer, Howard Carmack, shutting down Carmack's operation that had stuffed cyberspace with over 825 million spam messages.
The teen phish faking himself as AOL, according to the FTC, would collect consumers' identities when they clicked links purporting to take them to AOL's billing center, where they were instructed to enter their credit card numbers and numbers from a new card to fix the fake problem, plus asking them for other personal and financial information. He then used that information to charge online purchases and open PayPal accounts, the FTC said, while using the consumers' names and passwords as an opening to send even more spam. He also recruited others into the scheme by convincing them to take fraudulently obtained merchandise he ordered for himself, the FTC added.
EarthLink vice president of law and public policy Dave Baker said the ISP spotted a rise in phish site-based spam this year, prodding the company to want to tip off consumers about the scams. "Pretending to be legitimate messages from legitimate companies," Baker said, "phisher site spams are much more than annoying e-mails advertising get-rich-quick schemes – they are intended to steal your identity, your credit card number, and other personal information," he said.
FTC commissioner Mozelle W. Thompson said identity theft is the top complaint recorded at the commission's Consumer Sentinel Database, and has been for the past three years. "Phishing is a dangerous weapon in the hands of identity thieves." Thompson said. "That is why we are working closely with civil and criminal law enforcers around the world and with private sector businesses like EarthLink to warn consumers about this scam."
FBI Cyber Division assistant director Jana Monroe said one way for consumers to stop a phish scam is to copy the link and e-mail it to the company the e-mail purports to represent, asking the company if in fact the offer is legitimate.
EarthLink also recommends computer users be suspicious of any e-mail from unfamiliar sources asking for personal information and to report any suspected fraudulent e-mail to their own ISPs. "Reporting instances of phisher site spams will help get these fake Websites shut down before they can do any more harm," the company said.
