Complaint resolution service publishes case studies, recall information and consumer news.

One spammer down, many to go

In a joint law enforcement initiative, the Federal Trade Commission and the Department of Justice have brought two separate actions to shut down a spam operation that hijacked logos from AOL and Paypal to con hundreds of consumers into providing credit card and bank account numbers. At the request of the FTC, a U.S. District Court ordered the defendant to halt his identity theft scam, known as “phishing.” The Justice Department obtained a criminal conviction and the defendant is awaiting sentencing.

The scam worked like this: Consumers received e-mail that appeared to come from America Online or Paypal. The “from” line identified the sender as “billing center,” or “account department” and the subject line carried warnings such as “AOL Billing Error Please Read Enclosed Email,” and “Please Update Account Information Urgent!” The text of the message contained a warning that if the consumers did not respond to the e-mail, their account would be cancelled. Some of the spam said, “. . . we have to ask all our members for updated/correct billing information. Please be advised that this is mandatory. If we do not get your updated billing information, your account will be revoked and put under review and may be cancelled.” A hyperlink in the e-mail took consumers to what appeared to be the AOL Billing Center, with AOL’s logo and live links to real AOL Web pages. But the copy-cat Web page belonged to the defendant. The defendant asked consumers to provide information such as their names and mothers’ maiden names, billing addresses, Social Security numbers, dates of birth, bank account numbers, and bank routing numbers. The defendant also asked consumers to provide their AOL screen names and passwords.

The FTC alleges that the defendant used the information that consumers submitted to establish new credit card accounts and to make unauthorized changes – such as changing the address – on existing credit accounts. According to the FTC, he placed orders and made purchases using the unwitting consumers’ credit information.

The Paypal scheme worked in a similar way, with the defendant using the Paypal passwords that consumers provided to access consumers’ Paypal accounts and to purchase goods or services on their accounts.

The FTC charged that the acts and practices were deceptive and unfair, in violation of the FTC Act. In addition, the FTC alleged that the defendant’s practices violated provisions of the Gramm Leach-Bliley Act designed to protect the privacy of consumers’ sensitive financial information.

Defendant Zachary Keith Hill of Houston, Texas was named in the FTC complaint and the DOJ criminal information filed in United States District Court for the Eastern District of Virginia, Alexandria Division.

“As the Hill case demonstrates, the government can make a difference when agencies work together to crack down on Internet identity theft scams,” said Assistant Attorney General Christopher A. Wray of the Criminal Division of the U.S. Department of Justice. “The Department of Justice remains committed to working closely with the FTC to shut down these phishing operations and protect Internet users from thieves who seek to steal their valuable identity and financial information.”

“This investigation demonstrates the importance of interagency cooperation in clamping down on cyberscammers,” said Howard Beales, Director of the FTC Bureau of Consumer Protection. “The DOJ and FTC contributed complimentary skills and enforcement tools to catch up with this phishing scam, shut it down, and send a clear message that electronic identity theft won’t be tolerated.”

These cases were brought with the invaluable assistance of the Federal Bureau of Investigation’s Washington Field Office, and the United States Attorney for the Eastern District of Virginia’s Computer Hacking and Intellectual Property Squad.

The FTC has established a special Criminal Liaison Unit to expand criminal prosecution of consumer fraud. The Criminal Liaison Unit identifies enforcement agencies that may bring specific types of consumer fraud cases, educates criminal law enforcers in areas of FTC expertise, and coordinates training with criminal authorities to help the FTC prepare cases for referral and parallel prosecutions. Since 1996, dozens of FTC civil cases have resulted in concurrent or subsequent criminal prosecutions. The Criminal Liaison Unit will build on these existing FTC efforts to ensure appropriate criminal prosecution of consumer fraud.

Posted under Privacy

New York Attorney General Eliot Spitzer last month announced an agreement that requires the nation’s leading internet service provider to reform its customer service procedures.

Under the agreement, America Online (AOL) will alter the incentives it offers to customer representatives who seek to persuade subscribers not to cancel their service.

“This agreement helps ensure that AOL will strive to keep its customers through quality service, not stealth retention programs,” Spitzer said.

In response to approximately 300 consumer complaints, Spitzer’s office began an inquiry of AOL’s customer service policies. The investigation revealed that the company had an elaborate system for rewarding employees who purported to retain or “save” subscribers who had called to cancel their internet service. In many instances, such retention was done against subscribers’ wishes, or without their consent.

Under the system, consumer service personnel received bonuses worth tens of thousands of dollars if they could successfully dissuade or “save” half of the people who called to cancel service. For several years, AOL had instituted minimum retention or “save” percentages, which consumer representatives were expected to meet. These bonuses, and the minimum “save” rates accompanying them, had the effect of employees not honoring cancellations, or otherwise making cancellation unduly difficult for consumers.

Many consumers complained that AOL personnel ignored their demands to cancel service and stop billing.

The agreement requires AOL to:

• Eliminate any requirements that its customer service representatives maintain a minimum number of “saves” in order to earn a bonus;

• Record all service cancellation requests and verify action on the request through a third-party monitor;

• Provide refunds to all New York consumers who claim harm based on improper cancellation procedures, up to four months worth of service;

• Pay $1.25 million to the state in penalties and costs.

The claim form for New York consumers seeking refunds is available at Attorney General Spitzer’s web site http://www.oag.state.ny.us/internet/internet.html.

Consumer Help Web President Joan Bounacos applauded the decision. “We have had similar cases this year and last that the company resolved,” Bounacos stated. “It is certainly appropriate for AOL staff to try to persuade customers to remain, but no means no and a consumer’s cancelation request must be honored no matter what.”

Bounacos stated that AOL’s management had responded to Consumer Help Web complaints with offers of refunds and free service.

Posted under Customer Service

Identity theft doesn’t pay, and that includes email addresses. That will be the message when Jason Smathers turns himself into authorities Monday to begin serving a 15 month jail sentence. Smathers was convicted last month of stealing more than 90 million email addresses from AOL and selling them to a spammer.

Smathers also may be required to repay AOL for its costs in dealing with spam created by his sale of the names as well as its costs in employee time spent conducting the investigation.

After cooperating with authorities, Smathers was sentenced to only 15 months in prison rather than the two years he could have received for the information theft.

Posted under Privacy