Attorney General Lockyer Cautions Californians to Avoid ID Theft Schemes Using Phony Emails to Target Bank Customers, Other Consumers

‘Phishing’ Spam Includes Fake Security Alerts, False Promises of Account Credit

Wednesday, April 12, 2006
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

(SACRAMENTO) – Attorney General Bill Lockyer today cautioned California consumers to avoid recent and ongoing identity theft schemes that target customers of banks, online auction sites and other businesses with phony emails designed to steal victims’ account numbers, other personal information and money.

“Identity theft is one of the fastest-growing crimes of our times, and the perpetrators net many of their victims on these high-tech phishing expeditions,” said Lockyer. “Consumers should be on the lookout for, and studiously delete, unsolicited emails that are dressed up to look legitimate and play on the fear of ID theft to steal victims’ identities and their money. I know Californians right now are being flooded with this particularly harmful form of spam because my office’s email boxes have been inundated with hundreds.”

Some 2.2 million people every year have their IDs stolen through phishing schemes, according to some published reports. The Gartner Group consulting firm estimated that in 2005 phishing cost consumers nationwide roughly $1 billion.

One of the latest, ongoing phishing scams targets Chase Bank customers. The phony emails, many of which list their address as reward@chase.net, tempt recipients with the promise of a $20 or $100 credit on their accounts if they simply complete an online survey. The survey requires recipients to provide such ID theft material as PIN number, Social Security number, credit card number and mother’s maiden name. Department of Justice (DOJ) email boxes have received at least 146 of these phishing messages in the past five weeks.

Other Chase Bank-related phishing spam has come into DOJ email boxes, with all such messages now totaling at least 236 and climbing. The other Chase phishing scams try to steal personal information by telling recipients such falsehoods as: unauthorized third parties have accessed their accounts; Chase needs to confirm personal data because the bank is implementing a software upgrade; services will be terminated unless renewed immediately; and Chase is launching a new security system because of fraudulent activity on members’ accounts.

Chase, which does not send customers emails that require the recipients to provide confidential personal information in a response, is investigating the account-credit scam. Additionally, the bank provides customers information about phishing schemes and how to avoid them on its web site at www.chase.com .

DOJ email boxes over the past five weeks have received other phishing spam targeting customers of Pay Pal, eBay and several banks, including Bank of America, Citi and Barclay’s. All told, the phishing emails numbered at least 343 as of today. Lockyer urged customers of these businesses and others to visit the companies’ legitimate web sites to learn about email scams and how to avoid becoming a victim of ID theft.

Lockyer said he would contact businesses which seem to be the biggest targets of phishing emails to explore the possibility of launching a cooperative effort to investigate the scams. Potentially, an investigation could lead to filing enforcement actions against perpetrators for violations of federal and state anti-spam laws, consumer protections laws or ID theft-related statutes.

Lockyer noted, however, that tracking down the senders of illegal spam, including phishing emails, is a tough task. Many such communications originate outside the country in such locations as Eastern Europe and Asia. One online security firm traced the Chase account-credit phishing scam to China.

In fact, despite the best efforts of law enforcement, regulators and ISPs, spam remains a growing, persistent and costly problem. The spam portion of all email has risen steadily, increasing from eight percent in 2001, to 62 percent in March 2004, to nearly 70 percent in March of this year. In 2005, experts estimated spam cost U.S. businesses about $17 billion in lost productivity, and screening and other expenses.

Lockyer said the difficulties faced by law enforcement and the private sector in stopping spam increase the importance of consumer education efforts, such as the alert he issued today.

“By providing anti-fraud information on their web sites, businesses are doing their part to provide customers the information they need to identify scams and protect themselves,” said Lockyer. “I urge consumers to use those tools -- and their delete buttons.”

Californians who receive phishing and other spam at their email addresses should send examples to the Attorney General’s Office at caspam@doj.ca.gov .

# # #
AttachmentSize
PDF icon 06-035_0a.pdf122.46 KB
PDF icon 06-035_0a.pdf122.46 KB