The U.S. federal government and Internet service provider (ISP) EarthLink Inc. warned Monday of a surge in unsolicited ("spam") e-mail and scam Web sites that are designed to steal the identity of unsuspecting Internet users.
The Atlanta, Georgia, ISP has seen a spike since the beginning of the year in e-mail linked to so-called "phisher" Web site scams, which use spam to lure victims to Web sites that are designed to look like legitimate retail or corporate sites, according to company spokeswoman Carla Shaw.
Victims are often told they need to update personal account information with a company. Once at the scam site, victims are asked to "re-enter" sensitive information such as their social security number, account password or even credit card numbers into a form provided on the site. That information is captured by the scam Web site's operators and used to perpetrate identity theft, EarthLink said.
In a joint statement, the U.S. Federal Bureau of Investigation (FBI) said that it has seen a "steady increase" in complaints to its Internet Fraud Complaint Center about the phony Web sites.
Retailers, online auction sites and ISPs are frequent targets of the scam artists, the FBI said.
The U.S. Federal Trade Commission (FTC) said that it was working closely with EarthLink as well as law enforcement to warn consumers about the scams.
Identity theft has been the number one consumer complaint reported to the agency for the last three years, the agency said.
EarthLink asked the federal agencies to join it in issuing a warning to raise the profile of the problem, Shaw said.
"We want to make consumers aware of the problem and empower them with the knowledge that these types of scams are increasing and that they can protect themselves by not responding to suspicious emails," she said.
The warnings come as a new report from research group Gartner Inc. shows a dramatic increase in incidents of identity theft in the past 12 months.
"Underreporting of Identity Theft Rewards the Thieves" surveyed 2,445 U.S. households in May, 2003. The study found that reported incidents of identity theft increased 79 percent in the past year, from 1.9 percent of respondents to 3.4 percent, Gartner said.
Broadened to include all U.S. consumers, the survey's results mean that seven million U.S. adults were victims of identity theft in the last 12 months, Gartner said.
However, contrary to the image presented by EarthLink of anonymous thieves hiding behind sham Web sites, more than half of all identity theft is committed by criminals who have established relationships with their victims, such as family members, roommates and co-workers, Gartner said.
A lackadaisical response to the problem by the financial services industry is at least partly to blame for the problem, Gartner said.
Banks, credit card issuers and other companies that extend credit to their customers often fail to make a connection between delinquent accounts and identity theft, attributing the problem to "credit losses" due to irresponsible borrowers, Gartner said.
The result is that criminals face only a 1 in 700 chance of getting caught by federal authorities, the company said.
Gartner called on legislators and industry associations to pressure financial services companies to address the problem.
Companies should do a better job of screening credit applicants for fraud and make it easier to report identity theft to financial institutions, Gartner said.
Almost unheard of two years ago, phisher sites are now a common new type of spam.
Recent news reports have highlighted scams targeting Paypal Inc. and US chain store retailer Best Buy Co. Inc.
Legitimate companies and online retailers would never use an e-mail message to solicit personal account information provider, according to EarthLink's Shaw.
Internet users who receive a suspicious e-mail asking for personal information should forward the message to the company in question asking for clarification, the FBI said.