- New attack fells Internet Explorer
- Steve Jobs is a man of a few words
- Oddball gifts for uber geeks
- Global warming research exposed after hack
- Google adding IPv6 to YouTube
The Federal Trade Commission has settled a civil action against a 17-year-old California boy who was allegedly tricking Internet users into giving him their credit card numbers and other personal information on a bogus Web site meant to look like AOL's billing center.
The settlement, announced Monday, will bar the defendant from sending spam and force him to give up about $3,500 in profits from his venture, which ran from July to December 2002, before the FBI confiscated his computer. A federal court in central California has to approve the settlement.
The case has also been forwarded to the Los Angeles District Attorney's Office for possible criminal charges, said Eric Wenger, an attorney with the FTC's Bureau of Consumer Protection.
The boy's scam allegedly worked like this: Posing as AOL, he sent customers e-mail saying there had been a problem with the billing of their AOL account. The e-mail warned AOL customers that if they did not update their billing information, they risked losing their AOL accounts, and it directed customers to click on a hyperlink to connect to the AOL Billing Center.
When customers clicked on the link, they ended at the defendant's site, which included AOL's logo, type style, and links to real AOL Web pages. The defendant's AOL look-alike page directed consumers to enter the numbers from the credit card they had used to charge their AOL account, then asked consumers to enter numbers from a new card to correct the problem. The defendant's page also asked for consumers' names, mothers' maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers, and AOL screen names and passwords.
The defendant used the information to charge online purchases and open accounts with PayPal, and he used consumers' names and passwords to log on to AOL in their names and send more spam. He also recruited others to participate in the scheme by convincing them to receive fraudulently obtained merchandise he had ordered for himself.
Known as "phishing," the fake Web site scam victimized AOL and its customers, noted Timothy J. Muris, chairman of the FTC, in a statement. The case represents the FTC's first law enforcement action targeting phishing, but it won't be the last, Muris promised.
"We're trying to draw attention to it, so customers recognize this type of scheme," Wenger added.
Although AOL was the target ISP in this case, the scheme can be run on just about any ISP or e-commerce provider, Wenger noted. AOL spokesman Nicholas Graham said such scams are agnostic to the type of connection Internet users have or the brand of ISP they use.
"Scams are like the flus of the Internet - anybody can and will catch them," Graham said.
AOL has been telling customers for years that they shouldn't trust e-mails that ask for personal information such as passwords or credit card numbers, he said. "We applaud the FTC for highlighting an issue that AOL has concentrated on for some time," Graham added.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment