No Joke: FBI Calls Spoofing Hottest New Web Scam

Agency's Internet Fraud Complaint Center says ploy leading to rise in ID theft and credit card fraud.
Posted July 22, 2003

Roy Mark

The FBI says bogus e-mail that seeks to trick customers into giving out personal information is the "hottest, and most troubling" new scam on the Internet. The agency, in conjunction with national Internet service provider Earthlink, the Federal Trade Commission, and the National Consumer's League, began an initiative Monday to raise awareness about the problem.

The FBI's Internet Fraud Complaint Center (IFCC) has seen a steady increase in complaints that involve some form of unsolicited e-mail directing consumers to a phony "customer service" type of web site. According to Jana Monroe, Assistant Director of the FBI's Cyber Division, the scam is contributing to a rise in identity theft, credit card fraud, and other Internet frauds.

"Spoofing," or "phishing," frauds attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case. Spoofing is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft. Spoofing also often involves trademark and other intellectual property violations.

In "E-mail spoofing" the header of an e-mail appears to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to get recipients to open and possibly even respond to their solicitations.

"IP Spoofing" is a technique used to gain unauthorized access to computers, whereby the intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted port.

"Link alteration" involves altering the return address in a web page sent to a consumer to make it go to the hacker's site rather than the legitimate site. This is accomplished by adding the hacker's address before the actual address in any e-mail, or page that has a request going back to the original site.

If an individual unsuspectingly receives a spoofed e-mail requesting him/her to "click here to update" their account information, and then are redirected to a site that looks exactly like their Internet service provider, or a commercial site like EBay or PayPal, there is an increasing chance that the individual will follow through in submitting their personal and/or credit information.

Monroe said the FBI's specialized Cyber Squads and Cyber Crime Task Forces across the country are zeroing in on the spoofing problem. The FBI's Legal Attache offices overseas are helping to coordinate investigations that cross international borders. The IFCC has received complaints that trace back to perpetrators in England, Romania, and Russia.

The FBI is also working actively with key Internet e-commerce stake-holders such as EBay/PayPal,, and a variety of Internet merchants via the Merchants Risk Council to identify common traits of such scams, as well as proactive measures to rapidly respond.

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.