INDEPTH: SPAM
Phishing for Fraud
Robin Rowland, CBC News Online | November 27, 2003
In the middle of October 2003, hundreds of Canadians began receiving e-mails that appeared to come from the customer service department of the Toronto Dominion Bank.
The e-mail, which was spam, told the customers to click on what appeared to be a genuine link to the TD website. The customer did reach the TD site but the link also generated a pop-up window that was a fraud, a window that asked customers to enter their access card number and internet banking password.
In the spam world, this type of trolling for identity theft victims is called "phishing."
TD says it was alerted to the scam by customers who contacted their customer service line.
TD's manager of external communications, Simon Townsend, told CBC.ca that four of Canada's big five banks had been targeted by the scheme and that the spam was so widespread that the messages reached people who were not TD customers.
Townsend says that TD does not send and will not send e-mail messages to customers requesting confidential information. He advises customers who receive any suspicious message to check with the bank's customer service line or the local branch.
The RCMP and other police forces are investigating. The pop-up window apparently originated from a website in Russia, but it's unclear if the scammers themselves are based there.
In another scam, one of the biggest Internet Service Providers (ISPs) in the United States, Earthlink, named Vancouver as a hotbed of spam-based fraud when it filed suit in federal court in Atlanta naming 50 "John Doe" defendants the suit called the "Vancouver Spammers."
The suit claims that the Vancouver spammers "used stolen and/or bogus credit card numbers and bank account numbers to fraudulently purchase hundreds of dial-up internet accounts from Earthlink."
It claims that spammers then began a campaign "to send massive numbers of fraudulent e-mails to internet users in which the Vancouver Spammers impersonate users' ISP (often American Online) to respond with credit card information, account/password information, social security number and/or other similarly confidential information….The e-mail directs the victim to provide the requested information via either a return e-mail or a similarly bogus, linked-to-web site made to look like an official site." A classic example of "phishing."
Earthlink told CBC.ca the John Doe filing would allow the company to subpoena records in the United States to help trace the spammers.
So far, however, Earthlink has not contacted Telus, the phone company in B.C. Spokeswoman Karen Dosanjh told reporters in August when the suit was filed that, so far, they had not heard from the company. Contacted by CBC.ca, Dosanjh said in mid-November that there still has been no contact from Earthlink.
Provincial and federal privacy laws would limit Canadian companies from supplying information to Earthlink unless there was a criminal investigation here, and so far there is no public indication that police on this side of the border are involved in the case.
Reports say at least two others companies have been victims of phishing. One was America Online which was mentioned in the Earthlink suit. The second was Best Buy, the electronics chain that owns Future Shop stores in Canada. Best Buy says spammers sent out a phoney message on June 18, 2003, with the subject line "Fraud alert" asking customers to provide personal information.
Although the scam was aimed at the United States, some Canadians, including some who were not Future Shop Best Buy customers, received the message. The company says that, as far as it knows, no one fell for the scam.
^TOP
|
|
 |
 MENU |
|
|
| RELATED: |
|
|
| MEDIA: |
November 26, 2003:
On CBC Newsworld, David Gray interviews media lawyer Michael Geist from the University of Ottawa Law School about how to tackle spam.
 Real Video
On CBC Newsworld, Christopher Thomas interviews Ontario privacy commissioner Ann Cavoukian about how Canada is fighting spam.
Real Video
|
|
| MORE: |
|
|
|
