A 19-year-old pleaded guilty to stealing identities with fake e-mails meant to look like they were from major online firms, federal authorities announced Monday. But the use of such imitation e-mails shows no signs of slowing down. An industry group announced this weekend that the use of so-called "phishing" e-mails sent by con artists skyrocketed 60 percent from January to February.
The Federal Trade Commission says Zachary Keith Hill of Houston, Texas, used fraudulent spam to trick 400 Internet users into divulging personal financial details, such as bank account numbers and Social Security numbers. The e-mails Hill sent appeared to come from America Online or PayPal.com, and included menacing messages like, "If we do not get your updated billing information, your account will be revoked."
Lisa Hone, assistant director at the FTC's Bureau of Consumer Protection, said the teen managed to turn those identities into at least $78,000 by making purchases with stolen credit cards and initiating a variety of other fraudulent financial transactions.
Hill, who is awaiting sentencing by a federal court, obtained over 400 credit card numbers, 152 sets of bank account numbers and bank routing numbers, and 566 sets of usernames and passwords for Internet services accounts, according to the Justice Department.
The conviction suggests how successful such fake e-mail campaigns can be -- but so does their continued increase.
An expensive problem
A non-profit consortium of financial companies called the Anti-Phishing Working Group, assembled last year to raise public awareness of the problem, says the attacks are still very much on the rise. The group charted 176 different attacks in January of this year, but 282 in February. There were almost 10 new phishing spams sent out every day, the group says. EBay is the favorite target of the scam artists, the group says, with PayPal and Citibank not far behind.
And the problem is getting expensive for the targeted companies, said Dave Jevans, the group's chairman. Some phishing spams include millions of e-mail messages, which in turn generate thousands of phone calls by consumers wondering about the messages' authenticity.
"I know of one company, it costs them over $1 million a year just to handle the phone calls," he said.
Meanwhile, the con artists are still honing their craft, he said. Many phishing scams now include more sophisticated programming. In one example, an e-mail includes a button instead of a text link, which hides the link's true destination from the recipient. Then, when the user clicks on the button, a scaled-down browser window opens up without displaying any Internet address information.
"It's impossible for consumers to tell whether they've gotten an e-mail from a legitimate company or a con artist, particularly once you go to that web page. It looks so real," said Hone. "The message is, if you get an e-mail asking for personal information don't respond. Even it's from a company you think you deal with."