The illicit haul arrived each day by e-mail, the personal details of computer users tricked by an Internet thief: a victim’s name, credit card number, date of birth, Social Security number, mother’s maiden name.
One more Internet “phishing” scam was operating. But this time, private sleuths soon were hot on the electronic trail of a thief whose online alias indicated an affinity for the dark side.
The case moved ahead in part because of an underground tipster and the thief’s penchant for repeatedly using the same two passwords – “syerwerz” and “r00tm3.”
Unraveling a scheme that also had hacked Kenyon College in Ohio, the investigation leapt across continents and ultimately pointed toward a neighborhood in Granby, Quebec. It offers an extraordinary glimpse behind an Internet fraud that targets the most trusting computer users.
“This is really lousy,” said Johan Fabris of Holmes, Pa. The 82-year-old grandmother had her online bank account hijacked.
Her teenage grandson had set up the account for her to sell hand-sewn doll clothes in Internet auctions.
“This was my first foray into the modern computer world. These … people – life is complicated enough,” Fabris said.
In such phishing scams, victims are fooled by realistic- looking e-mails that appear to come from banks or other financial institutions. The urgent- looking messages direct recipients to verify their accounts by typing personal details – credit card information, for example – into a website disguised to appear legitimate.
Despite warnings from the government, banks and security experts, consumers fall victim with disturbing frequency.
One industry organization, the Anti-Phishing Working Group, estimated that thieves collectively launch more than 14,000 such schemes monthly and that about 5 percent of computer users respond to the fraudulent messages.
“They make it look completely real,” said Jennifer Phillips, 25, of Martinsville, Ill. She was tricked into disclosing her card number, mother’s maiden name, bank routing number and more. Internet sleuths from CardCops Inc. of Malibu, Calif., uncovered the latest plot.
A tipster pointed them to the thief’s e-mail account and gave up the thief’s favorite passwords, which the thief previously had shared with the informant, CardCops chief executive Dan Clements said.
CardCops monitors Internet chat rooms and other hacker communications for stolen credit card numbers, then notifies merchants and consumers to block bad purchases.
