Modernizing Authentication — What It Takes to Transform Secure Access
The Federal Trade Commission (FTC) has agreed top settle Internet fraud charges against a 17-year-old male charged with using hijacked corporate logos and deceptive spam to con consumers out of credit card numbers and other financial data. If approved by the court, the defendant, a minor, will be barred for life from sending spam and will forfeit his $3,500 in profits from the scam.
The FTC alleged the defendant launched a scam known as "phishing." He sent e-mail purporting to be from America Online claiming that there had been a problem with the billing of a consumer's AOL account. The e-mail warned consumers that if they didnt update their billing information, they risked losing their AOL accounts and Internet access.
The message directed consumers to click on a hyperlink in the body of the e-mail to connect to the "AOL Billing Center." When consumers clicked on the link they landed on a site that contained AOL's logo, AOL's type style, AOL's colors, and links to real AOL Web pages. It appeared to be AOL's billing center, but it wasnt.
The defendant's AOL look-alike Web page directed consumers to enter the numbers from the credit card they had used to charge their AOL account. It then asked consumers to enter numbers from a new card to correct the problem. It also asked for consumers' names, mothers' maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers, and AOL screen names and passwords.
According to the FTC, the defendant used the information to charge online purchases and open accounts with PayPal. In addition, he used consumers' names and passwords to log on to AOL in their names and send more spam. Finally, he recruited others to participate in the scheme by convincing them to receive fraudulently obtained merchandise he had ordered for himself.
The agency charged the defendant's practices were deceptive and unfair, in violation of the FTC Act. In addition, the FTC alleged that the defendant's practices violated provisions of the Gramm-Leach-Bliley Act designed to protect the privacy of consumers' sensitive financial information.
"Phishing is a two time scam," said FTC Chairman Timothy J. Muris. "Phishers first steal a company's identity and then use it to victimize consumers by stealing their credit identities. This is the FTC's first law enforcement action targeting phishing. It wont be the last."