E-mail scam tries to trick you into giving data

By Peggy Rogers
Knight Ridder News Service

•	What to do if you're scammed Report the crime to local authorities File a complaint with the FBI's Internet Fraud Complaint Center, www.ifccfbi.com.

Spam e-mails whose styles closely mirror those of legitimate sites are telling recipients that their account information is incomplete. "Would you please fill out the details about yourself in the accompanying form?" the spam goes on to ask.

And people do, experts say. They don't realize that the sites — which have recently adopted the styles of Citigroup, PayPal and other large corporations — are just looking for enough information either to sell to the highest bidders or to steal your identity and money.

The FBI issued an alert last week about the spreading problem. The scam is not completely new, but its rapid spread, expert styling and formatting to mimic real sites, its warnings that users could lose account privileges if they don't re-enlist, and the amount of personal information sought make the problem much bigger and more untenable.

Scamsters have issued millions of these "phishing," "carding" or "brand-spoofing" e-mails, experts say.

"Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet," Jana Monroe, assistant director of the FBI's Cyber Division, said in a press alert.

The targets are indiscriminate, as well. One spam scam went out not to a person but a thing: a Web site that's part of Ziff Davis, the technology-publishing empire. The e-mail request claimed, falsely, to come from PayPal — an Internet purchasing system that many eBay traders use — and the e-mail asked for, among other things, the site's customer name, password, e-mail address and credit-card data.

The easiest solution, of course, is to simply hit the delete button when asked by an unsolicited e-mail for account information. Even if the site looks bona fide, don't enter any information.

Internet companies uniformly say they do not send out blind e-mails asking for personal credentials. They also say they wouldn't threaten people with the loss of account privileges in an e-mail.