Feds Shut Down PayPal, AOL Scams

A spam e-mail operation that sent out e-mail messages falsely claiming to be from PayPal or America Online, tricking hundreds of consumers into entering their credit card, banking, and user account information on fake PayPal and AOL Web sites, has been stopped by the U.S. Federal Trade Commission and the U.S. Department of Justice.

The two agencies have announced that Zachary Keith Hill of Houston has been ordered to halt the identity theft operation, which was the type of scam also known as phishing, while he awaits sentencing on federal criminal charges.

Each agency led its own probe into Hill's activities.

Criminal Charges Filed

In a criminal case brought by the DOJ in U.S. District Court in the Southern District of Texas, Houston Division, Hill pleaded guilty in February to charges of using illegally obtained account access information to buy goods worth more than $1000 and to a charge of illegally possessing account information for more than 15 people on his PC.

In a separate civil lawsuit filed by the FTC in December, Hill was charged with false affiliation for claiming that the e-mail messages he sent were from PayPal as well as AOL and other ISPs. He was also charged with making false claims to consumers so they would provide account information, with one count of unfair use of that private information, and a count of inducing consumers to submit account information by using deceptive means. The 24-page complaint asks the court to issue an injunction barring Hill from continuing his operations.

Casey Stavropoulos, a DOJ spokesperson, says Hill is expected to be sentenced on the criminal charges on May 18. He faces a maximum prison term of 10 to 15 years, she says, but he could get a lesser sentence as a result of his cooperation with authorities after his arrest. He also faces fines of at least $200,000 plus restitution.

Hill sent the fake e-mail between March 2001 and February 2003, according to the DOJ.

Investigators were able to link Hill to the fake messages through e-mail addresses that were embedded in the HTML code in the fake Web pages, says Patricia Poss, one of the FTC attorneys working on the case. The HTML code in the Web pages directed the information entered by consumers to Hill's e-mail addresses, Poss says.

The FTC case against Hill remains in litigation, she says. He has agreed to the preliminary injunction that halted his operations while both sides work to resolve the case. Hill is connected to at least $78,000 in purchases or attempted purchases on new credit card accounts he opened using the stolen information, the FTC says.

He illegally obtained 471 credit card numbers, 152 bank account and bank routing numbers, and 541 user names and passwords for personal Internet access accounts using his fake Web sites, according to his plea agreement with the Justice Department.

Plausible Fakes

Under Hill's scam, consumers received e-mail that appeared to come from AOL or PayPal. The "From" line identified the sender as "billing center" or "account department" and the "Subject" line carried warnings such as "AOL Billing Error Please Read Enclosed Email," or "Please Update Account Information Urgent!" The messages warned consumers that their accounts would be canceled if they didn't respond.

A hyperlink in the e-mail pointed to what appeared to be the AOL Billing Center, with AOL's logo and live links to real AOL Web pages. But the site was actually Hill's Web site, where he harvested consumers' names and their mothers' maiden names as well as their billing addresses, Social Security numbers, dates of birth, bank account numbers, bank routing numbers, and AOL screen names and passwords.

Hill's PayPal scheme used the PayPal passwords that consumers provided, allowing him to use their PayPal accounts to purchase goods and services.

"As the Hill case demonstrates, the government can make a difference when agencies work together to crack down on Internet identity theft scams," Assistant Attorney General Christopher A. Wray of the DOJ's Criminal Division says in a statement.

Several attempts to reach Hill by telephone were unsuccessful.

Nicholas Graham, an AOL spokesperson, says the company applauds the government's prosecution of the case. "This is a very important issue to us," Graham says.

Amanda Pires, a spokesperson for PayPal, says the company believes the case will help deter others from using similar scams. "It also helps to educate people not to respond to these fraudulent e-mails," she says.

Assisting in the cases were the FBI's Washington Field Office and the U.S. attorney for the Eastern District of Virginia's Computer Hacking and Intellectual Property Squad.

This story, "Feds Shut Down PayPal, AOL Scams" was originally published by Computerworld.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon