Phisher faces criminal charges

The US Trade Commission and the US Department of Justice have stopped a spam e-mail operation that sent out e-mails falsely...

The US Trade Commission and the US Department of Justice have stopped a spam e-mail operation that sent out e-mails falsely claiming to be from PayPal or America Online, which tricked consumers into entering their credit card, bank and user account information on fake websites.

Zachary Keith Hill of Houston has been ordered to halt the identity theft operation, which was the type of scam also known as phishing, while he awaits sentencing on federal criminal charges. 

Each agency led its own probe into Hill's activities. 

Hill pleaded guilty last month to charges of using illegally obtained account access information to buy goods worth more than $1,000 and to a charge of illegally possessing account information for more than 15 people on his PC. 

In a separate civil lawsuit filed in December, Hill was charged with false affiliation for claiming that the e-mail messages he sent were from PayPal, AOL and other ISPs. He was also charged with making false claims to consumers so they would provide account information and with one count of unfair use of that private information and a count of inducing consumers to submit account information by using deceptive means.

The 24-page complaint asked the court to issue an injunction barring Hill from continuing his operations. 

Casey Stavropoulos, a DOJ spokeswoman, said Hill is expected to be sentenced on the criminal charges on 18 May. He faces a maximum prison term of 10 to 15 years, but he could get a lesser sentence as a result of his co-operation with authorities after his arrest. He also faces fines of at least $200,000 plus restitution. 

Hill sent the fake e-mails between March 2001 and February 2003. 

Investigators were able to link Hill to the fake messages through e-mail addresses embedded in the HTML code in the fake web pages.

Hill has agreed to the preliminary injunction that halted his operations while both sides work to resolve the case. Hill is connected to at least $78,000 in purchases or attempted purchases on new credit card accounts he opened using the stolen information. 

He obtained 471 credit card numbers, 152 bank account and bank routing numbers and 541 usernames and passwords for personal internet access accounts using his fake websites. 

"As the Hill case demonstrates, the government can make a difference when agencies work together to crack down on Internet identity theft scams," said assistant attorney general Christopher A Wray of the DOJ's Criminal Division. 

AOL spokesman Nicholas Graham said the company applauded the government's prosecution of the case, and PayPal spokeswoman Amanda Pires hoped the case would act as a deterrent.

"It also helps to educate people not to respond to these fraudulent e-mails," she added. 

Todd R Weiss writes for Computerworld

Read more on IT risk management