SAN FRANCISCO–Zachary Keith Hill, 20, was sentenced to 46 months in prison after pleading guilty to defrauding customers of America Online and PayPal in an elaborate online phishing scheme.
Phishing scams are among the top consumer privacy and identity theft concerns the Federal Trade Commission will pursue this year. Phishing occurs when fraudsters masquerade as legitimate companies to trick consumers into handing over their personal and financial account information. So far, financial service companies and their consumers have been targeted the most.
The surge in these types of scams, increased vulnerability of computers to viruses and attacks, and new consumer privacy legislation all contribute to real estate companies’ need to heighten their awareness of security issues and tighten their preventative security methods.
Howard Beales, FTC’s director of consumer protection, outlined the agency’s initiatives to address consumer privacy concerns during a conference here this week called Privacy Futures, hosted by the International Association of Privacy Professionals and Trust-e. He said consumer privacy is very much an issue of information security.
Nearly 10 million people suffered from some form of identity theft in 2002, according to research the FTC conducted early last year.
“We conducted research during March and April of 2003. We thought we’d have a hard time finding victims,” Beales said.
But the agency found plenty of victims in a trail of costly crimes. More than 3 million people discovered that new accounts had been opened and other frauds (e.g., renting an apartment or home or obtaining medical care or employment) had been committed in their name. The thefts resulted in a $30 billion loss to businesses, a $50 billion loss overall and $5 billion in out-of-pocket costs to the victims.
Companies’ precaution with sensitive consumer information is key to curbing the crime, Beales said. In instances where fraud occurred, the FTC found that it was companies’ lack of information security that enabled the perpetrators to steal consumers’ identities.
“Companies need to take reasonable steps to guard against reasonable vulnerabilities…Without information security, there is no privacy,” he said.
Current law requires financial institutions to protect consumer information by implementing privacy policies and information security programs. Federal agencies now are considering imposing a rule that would require financial companies to adopt measures for proper disposal of consumer information derived from credit reports.