Dodging the data thieves

Scam: A site purporting to be an AOL billing center is one of many such cons aimed at filching personal information.

July 04, 2002|By Kevin Washington | Kevin Washington,SUN STAFF

When Ken Iman saw the e-mail requesting credit card information to continue his America Online account, it looked so real that he was almost taken in. Except for one thing.

It was sent to his 14-year-old son.

That message led Iman to a Web site which called itself the "AOL Billing Center," with a form that asked for his credit card number and other information to ensure that his AOL service would continue uninterrupted. Failure to provide the information, the site warned, would result in a $50 fee.

AOL doesn't have a billing center Web site, nor does the giant Internet service provider solicit such information via e-mail. Experts say a con artist intent on bilking AOL members out of identifying information is probably behind the sham operation.

"But the thing is that it [the Web site] looked so perfect," said Iman, who lives in Dundalk and teaches business at Baltimore International College. "They had the colors down. They had links that went right to AOL. This was no quick job. It looked perfect, at least until I went down the page through all the tracking information at the bottom, and it said something about Germany."

Iman, 49, said he called AOL, which told him that the site was a scam.

In fact, according to news reports, similar billing center schemes have been operating for at least six months, drawing complaints from AOL customers as far apart as Milwaukee, Dallas and New Jersey.

The Web host for the site Iman found shut it down Monday after being contacted by The Sun.

Nicholas Graham, spokesman for America Online, says the scams aren't news to the company and calls them the crank calls of the Internet.

"As anyone with a telephone in the offline world knows, you have to deal with crank calls - anyone with a computer and an ISP in the online world will have to face this, too," he said.

The trouble is that with 34 million customers, AOL has become so ubiquitous and its subscriber base so large, that it has become a prime target for con artists who want to defraud members.

This and other types of online fraud have become a big business. In its first annual report released in April, the federal Internet Fraud Complaint Center ( said it referred 16,775 complaints last year to police and government regulatory agencies. More than 90 percent of those involved online fraud.

The largest group of complaints, 43 percent, concerned Web auction fraud, but more sinister and serious schemes abound.

Susan Grant, director of Internet Fraud Watch (, operated by the nonprofit National Consumers League, said the type and breadth of data collected by the phony billing center Web site makes it likely that the operators were interested in identity theft.

Identity theft, in which criminals assume the victim's identity and use it to set up credit accounts or commit crimes, can take years to sort out.

The fake AOL billing center site wanted complete information for two credit cards - including each card's credit limit and the three-digit security code on the back. It also asked for checking account and routing numbers, the user's Social Security number, driver's license number, date of birth, addresses, phone numbers and other identifying information. Such an in-depth request should be a warning in itself, fraud experts say.

"Some red flags should go up when someone on behalf of a business you already have a relationship with contacts you and asks for information the organization should already have," Grant said. "Sometimes people may not be as cautious on the Internet as if someone knocked on their door or called them out of the blue and asked for the same information."

Despite its sophistication, the phony Web page did break two basic AOL business rules, Graham said: AOL never asks for screen names and passwords via e-mail or telephone, and never solicits financial information through e-mail or customer service representatives.

Graham said the company is constantly educating members about these policies, but that doesn't stop con artists from trying. Often, he said, the criminals troll chat rooms trying to gather the screen names (online identifiers) of potential victims.

Once the con artist has 100 to 200 names of a particular ISP's members he e-mails victims with a bogus request for credit card information, Graham said. After he gets five to 10 people to give up critical information, he may take down the fraudulent Web site and then put up another one with a different address.

Even the Web hosting account for the phony AOL billing center was created fraudulently. Two weeks ago, the person who set up the account provided a stolen American Express card number to Go Daddy Software of Scottsdale, Ariz., which registered the domain. Christine Jones, general counsel for Go Daddy, said the crook "had all of the confirmation information for the card."

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.