Identity thieves pose as federal agencies in latest Internet scams
By Christopher S. Rugaber
Associated Press
WASHINGTON — The federal agency charged with protecting consumers from Internet scams now finds itself wrapped up in one.
Identity thieves have sent thousands of bogus e-mails purporting to be from the Federal Trade Commission — as well as the Internal Revenue Service and Justice Department — in an attempt to trick consumers into divulging personal financial information.
The agencies are the latest institutions to be exploited in "phishing" scams, long the bane of large banks and credit card issuers.
Analysts who track online crime say that while financial institutions are still the most commonly hijacked brands, the use of federal agencies in the hoaxes is increasing and reflects criminals' desire to take advantage of the familiarity and authority of various government departments.
Phishing typically involves sending fraudulent e-mails that include links that direct recipients to fake Web sites where they are asked to input sensitive data. Phishers may also include attachments that, when clicked, secretly install "spyware" that can capture personal information and send it to third parties over the Internet.
Criminal gangs in the United States and overseas use the information to steal thousands of dollars from consumers or to sell their identities in what experts describe as a sophisticated underground economy surrounding identity theft.
The FTC said in June that corporate and banking executives, among other consumers, have received fake e-mails with spyware attachments purporting to be from the agency.
The Treasury Department, meanwhile, said June 27 it has received more than 23,000 complaints about IRS-related phishing scams since an investigative arm of the department began tracking them in November 2005.
The scams have been "unprecedented both in terms of sophistication and the volume of reports we have received," J. Russell George, Treasury Inspector General for Tax Administration, said in a written statement.
Michelle Lamishaw, an IRS spokeswoman, said most of the hoax e-mails tell recipients they are under investigation or that they have a tax refund pending. Some are more sophisticated, including those targeted to small businesses that mention obscure agencies known primarily to business men and women such as the California Franchise Tax Board.
But government officials said recipients of such e-mails should be suspicious of their origin for one simple reason: federal agencies rarely communicate with citizens over e-mail.
Lois Greisman, associate director of the FTC's division of marketing practices, said, "We are the agency that brought you the Do Not Call Registry and CAN-SPAM," she said, referring to a 2003 law restricting commercial spam. "We're not likely to send out unsolicited e-mails."
Peter Cassidy, a spokesman for the Anti-Phishing Working Group, said phishing first surfaced early this decade and took off in 2003. The APWG is a consortium of corporations, banks, software providers and law enforcement agencies whose members include eBay Inc., Microsoft Corp. and Yahoo Inc.
The scams are still growing rapidly: The number of phishing Web sites jumped to 37,438 in May, the APWG said in a report released July 8, more than triple the 11,976 reported in May 2006.
Phishing can carry significant economic costs for the victims and rewards for the perpetrators. Jeff Fox, technology editor at Consumer Reports, said that last September his group estimated consumers had lost $630 million to phishing scams in the previous two years.
A recent report from the Government Accountability Office, Congress's investigative arm, put the figure at $1 billion annually.
Despite efforts to educate the public about the dangers of clicking on unknown links and attachments in spam e-mail, many computer users still do so.
Consumer Reports estimates that 8.2 percent of online households have submitted personal information in response to fraudulent e-mails in the past two years, Fox said. "It's astounding," he added.