[Senate Hearing 108-486]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 108-486

                      INTERNET FRAUD HITS SENIORS:
AS SENIORS VENTURE INTO THE WEB, THE FINANCIAL PREDATORS LURK AND TAKE 
                                  AIM

=======================================================================

                                HEARING

                               before the

                       SPECIAL COMMITTEE ON AGING
                          UNITED STATES SENATE

                      ONE HUNDRED EIGHTH CONGRESS

                             SECOND SESSION

                               __________

                             WASHINGTON, DC

                               __________

                             MARCH 23, 2004

                               __________

                           Serial No. 108-32

         Printed for the use of the Special Committee on Aging


93-526              U.S. GOVERNMENT PRINTING OFFICE
                            WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001


                       SPECIAL COMMITTEE ON AGING

                      LARRY CRAIG, Idaho, Chairman
RICHARD SHELBY, Alabama              JOHN B. BREAUX, Louisiana, Ranking 
SUSAN COLLINS, Maine                     Member
MIKE ENZI, Wyoming                   HARRY REID, Nevada
GORDON SMITH, Oregon                 HERB KOHL, Wisconsin
JAMES M. TALENT, Missouri            JAMES M. JEFFORDS, Vermont
PETER G. FITZGERALD, Illinois        RUSSELL D. FEINGOLD, Wisconsin
ORRIN G. HATCH, Utah                 RON WYDEN, Oregon
ELIZABETH DOLE, North Carolina       BLANCHE L. LINCOLN, Arkansas
TED STEVENS, Alaska                  EVAN BAYH, Indiana
RICK SANTORUM, Pennsylvania          THOMAS R. CARPER, Delaware
                                     DEBBIE STABENOW, Michigan
                      Lupe Wissel, Staff Director
             Michelle Easton, Ranking Member Staff Director

                                  (ii)

  
?

                            C O N T E N T S

                              ----------                              
                                                                   Page
Opening Statement of Senator Larry E. Craig......................     1
Statement of Senator Susan Collins...............................     2

                                Panel I

Jeffrey Groover, inmate, Federal Correctional Institution, Yazoo 
  City, MS.......................................................     3

                                Panel II

Dave Nahmias, Deputy Assistant Attorney General, Criminal 
  Division, Department of Justice, Washington, DC................     8
Lawrence E. Maxwell, Assistant Chief Inspector, U.S. Postal 
  Inspection Service, Washington, DC.............................    27
J. Howard Beales, III, Director, Bureau of Consumer Protection, 
  The Federal Trade Commission, Washington, DC...................    47
Tanya Solov, director of Securities, North American Securities 
  Administrators Association, Chicago, IL........................    70
David Jevans, chairman, Anti-Phishing Working Group, Redwood 
  City, CA.......................................................    77

                                 (iii)

  

 
   INTERNET FRAUD HITS SENIORS: AS SENIORS VENTURE INTO THE WEB, THE 
                 FINANCIAL PREDATORS LURK AND TAKE AIM

                              ----------                              --



                        TUESDAY, MARCH 23, 2004

                                       U.S. Senate,
                                Special Committee on Aging,
                                                    Washington, DC.
    The committee met, pursuant to notice, at 10:34 a.m., in 
room SD-628, Dirksen Senate Office Building, Hon. Larry E. 
Craig (chairman of the committee) presiding.
    Present: Senators Craig and Collins.

       OPENING STATEMENT OF SENATOR LARRY CRAIG, CHAIRMAN

    The Chairman. Good morning, everyone. The Special Committee 
on Aging will be convened. The subject today, Internet Fraud 
Hits Seniors: As Seniors Venture into the Web, the Financial 
Predators Lurk and Take Aim. I would like to thank our 
witnesses for joining us today on an issue of growing national 
concern, the emerging use of the Internet to perpetuate fraud 
against our nation's senior citizens.
    According to a recent survey, those 65 years of age and 
older are the fastest-growing group online, increasing their 
presence on the Internet by 25 percent in 2003. As seniors go 
online in record numbers, fraud perpetuated through the 
Internet is dramatically on the rise. Thousands of Internet 
fraud victims in 2002 were senior citizens and those numbers 
nearly doubled in 2003. Seniors are also targeted in 
disproportionate numbers by scams originating across borders 
and overseas.
    We know that the Internet offers a vast global marketplace 
for consumers and businesses alike. Unfortunately, scam artists 
also recognize the potential of the Internet for criminal 
enterprises. The same scams that were once conducted by mail 
and phone are now easily perpetuated through the Internet, and 
new scams emerge every day. Criminals know that they can commit 
fraud online in a faster and more cost-effective way. They also 
know it is harder to get caught.
    Therefore, to effectively fight this crime, it is critical 
that the State and Federal law enforcement agencies work 
closely together. In cases of Internet fraud committed across 
borders, it is important for domestic law enforcement to work 
effectively with their foreign counterparts. As part of this 
hearing, I am pleased to announce a new public awareness 
Initiative with Federal agency partners to educate the senior 
population on the new dangers of Internet fraud. The FTC is our 
lead partner in this effort.
    In conclusion, I also urge the law enforcement agencies 
represented here today to be on the alert for Internet fraud 
related to the new Medicare prescription drug discount card 
program that this committee reviewed just a few weeks ago. 
Although no Internet fraud reports have been reported as of 
yet, we must remain ever-alert to new ventures or avenues of 
criminal activity.
    Before I introduce our first panel, let me turn to my 
colleague Susan Collins who, through her committee, has already 
done work in this area.

               STATEMENT OF SENATOR SUSAN COLLINS

    Senator Collins. Thank you very much, Mr. Chairman.
    I am very pleased that you are holding this hearing today 
on such an important issue. I have long been concerned about 
the problem of Internet fraud, particularly those scams 
targeting our elderly. The Internet is a phenomenal tool of 
commerce and communication, but it also provides a powerful 
tool to those who would use it for criminal purposes.
    The Permanent Subcommittee on Investigations, which I 
formerly chaired, held a series of hearings related to fraud 
and the Internet. We began the series in 1998 with a hearing on 
the very topic that we are addressing today, Internet scams and 
how they affect consumers, particularly our senior citizens.
    I recall saying at the time, this was 6 years ago, that 175 
countries were connected to the Internet and approximately 50 
million Americans were using the Web. I thought that was 
astonishing at the time. Well, today, of course, that number 
has grown to at least 203 countries and 165 million Americans 
who regularly use the Internet to pay their bills, shop online, 
or simply to search for information or communicate with their 
friends and family.
    There is no question that the Internet has been a boon for 
business. The remarkable ease and speed with which transactions 
can be conducted over the Internet have made the world a 
smaller place. Consumers have the ability to engage in a 
variety of commercial activities across State and even national 
borders, including shopping, banking, and investing, all from 
the comfort, privacy, and safety of their own homes. An 
unfortunate corollary to this ease of access, however, is that 
those who wish to use the Internet to defraud innocent people 
can also work just as easily from the privacy, comfort, and 
safety of their own homes, or anywhere else, for that matter. 
Because the Internet can be used to transfer text, pictures, 
music, as well as money, credit card numbers, and other 
personal information, the potential for criminal use of the 
Internet is infinite.
    Corresponding to the explosive growth of the Internet, the 
number of consumer complaints of Internet fraud to the Federal 
Trade Commission continues to rise. Of the nearly 302,000 fraud 
complaints filed last year, more than 166,000 people reported 
that they had been victims of Internet-related fraud. That is 
more than a doubling of the number of victims in the last three 
years. The cost of this escalating fraud? Nearly $200 million, 
including $12.8 million paid out by defrauded seniors, many of 
whom are living on limited incomes. Those are only the ones who 
actually took the time to file complaints with the FTC. The 
real number is undoubtedly much higher.
    Seniors can be especially vulnerable to Internet fraud. 
Some of the very achievements that they have worked their whole 
lives to attain contribute to this vulnerability. Many seniors 
have strong credit records earned over years of faithfully 
paying their bills on time. This good credit is being abused by 
thieves who steal their credit card numbers to run up bills on 
their accounts, or by others who promise huge returns on an 
investment that never materializes.
    Law enforcement officials know that almost any crime that 
can be committed in the real world can also be committed in the 
virtual world. In fact, the Internet allows criminals to target 
their victims more quickly, less expensively, and with much 
less chance of getting caught.
    So again, Mr. Chairman, I salute you for undertaking this 
effort. I think one of the most important things we can do for 
our seniors is to educate them and alert them to the potential 
for fraud. I know that has been the focus of your efforts as 
chairman, and I salute you for that.
    The Chairman. Senator, thank you very much for that 
statement. Those facts, the statistics of access to and, now, 
regular use of the Internet are really phenomenal and are still 
moving by large numbers in this country.
    Now let us move to our panelists and our first panel. Our 
first panelist is Jeffrey Groover, a former Internet service 
business owner and currently an inmate of the Federal 
Corrections System, who will share with us his experience with 
Internet fraud. I must tell you, Jeffrey, I am pleased that you 
were willing to testify today and you were allowed to testify. 
I think it is important for the record that we hear first-hand 
from someone who has effectively used the Internet for criminal 
activity.
    Mr. Groover, since you will be testifying as to the facts 
in a case that you have first-hand knowledge of, we need to 
take your testimony under oath. Would you please stand and 
raise your right hand.
    Jeffrey Groover, do you solemnly swear that the testimony 
you are about to give before the committee is the truth, the 
whole truth and nothing but the truth, so help you God?
    Mr. Groover. I do.
    The Chairman. Please be seated. Again, we thank you for 
your willingness to testify. Please proceed with your 
testimony.

  STATEMENT OF JEFFREY GROOVER, INMATE, FEDERAL CORRECTIONAL 
                  INSTITUTION, YAZOO CITY, MS

    Mr. Groover. Good morning, Mr. Chairman, distinguished 
senators. Thank you. My name is Jeffrey Groover, and I would 
like to thank you for the opportunity and privilege to speak to 
the committee today.
    I am 43-years old, I'm from West Palm Beach, FL. I have 
worked in the computer networking and telecommunications fields 
for the past 18 years. In 1996, I started a small Internet 
service provider company that we sold in 1999; then I started a 
telecommunications and Internet company.
    During the following year, I found myself in financial 
difficulties. The Internet bust had left me in a financial 
crisis. I began to fraudulently obtain credit to keep my 
business going and to support my former wife and two small 
children. I was subsequently caught and convicted in Federal 
court of unauthorized use of an access device. I was given a 
substantial Federal prison sentence.
    I stole the identities of a few individuals, including Mr. 
Nelson Doubleday, a wealthy Florida resident and co-owner of 
the New York Mets. The techniques are lengthy and technical. 
However, all that I needed was your name and the approximate 
area where you lived, and in a few hours I could obtain your 
full name, your address, your date of birth, your Social 
Security number, your wife's name, your previous address, and 
any vehicles or property that you owned.
    After applying online for a credit card in your name and 
being approved within a few minutes, I would receive it in a 
few weeks. Then I would run a complete credit report from any 
one of the online credit reporting agencies and find out who 
you had credit accounts with. From there, I could tap into your 
bank account, providing that I had the right circumstances. I 
did all this through the Internet.
    Everyone is susceptible to this type of fraud. That is not 
to scare everyone; that is just to make everyone aware that the 
Internet is to be used with caution, especially senior Internet 
users. With just a few small changes, it can also be a safer 
place to do business as well as conduct credit and financial 
transactions.
    I came here to assist my country and in some small way to 
find redemption for what I've done. I lost my home, my 
business, my freedom, and most of all, my wife and children, 
for what I did. The punishment is severe, and rest assure that 
I will not do it again. However, that will not stop other 
people from continuing to do this type of crime due to the ease 
in which it can be done.
    I believe, though, that I can provide you with some 
recommendations that will stop a large portion of these crimes.
    One recommendation is this: To require credit reporting 
agencies to implement a pass-key system in order to access an 
individual's credit report. This will save billions of dollars 
each year in credit fraud done through the Internet or 
otherwise. When an individual applies for credit, they must 
enter their pass-key authorizing their credit file to be 
accessed. If the pass-key is incorrect, then their file is 
locked and further contact with the correct individual will be 
necessary to unlock it. This will stop this type of fraud at 
the inception.
    Furthermore, procedures should be implemented to allow a 
consumer to lock their credit file at their instruction from 
anyone attempting to gain access to it. For instance, if they 
go on vacation, away on business or an extended hospital stay, 
at the time they need their credit report they would simply go 
online and unlock their file. All this could be implemented 
easily and without major changes to the credit reporting 
agencies' system.
    Although I do not have enough time here now to provide you 
in great detail on how to prevent these types of crimes, my 
knowledge and experience is available to you anytime.
    I once again apologize to Mr. Doubleday and the other 
victims and hope they will forgive me. I am happy to be of 
assistance to you in this matter and will answer any questions 
you may have, as well as make further recommendations to the 
committee.
    Thank you once again, Mr. Chairman and members of the 
committee.
    The Chairman. Well, Jeffrey, thank you for that testimony. 
Again, I must say I do appreciate your willingness to come 
before the committee this morning and speak as openly as you 
have about your own actions, but also to offer up suggestions 
as to how the Internet might be improved.
    Can you state for the record the charges you were convicted 
of and the time that you are currently serving?
    Mr. Groover. Yes. It was Title 18, United States Code 
Subsection 1029, unauthorized use of an access device. I was 
sentenced to 46 months in Federal prison.
    The Chairman. How was the law enforcement in Florida 
finally able to catch up with you and your unlawful action on 
the Internet?
    Mr. Groover. Basically, Senator, law enforcement was able 
to catch me because not only was I committing criminal 
activity, I was raising a family and trying to keep a 
legitimate business going. Had I only been focused on being a 
criminal, they would have had a much tougher time catching me, 
if at all. So basically what I am saying is that the people 
that are doing this type of crime, if they are solely focused 
on being criminal, then it is tougher to catch them. In my 
case, I guess you could say no man's legs are long enough to 
walk on both sides of the fence.
    The Chairman. Well, that and, I am assuming by what you 
just said, because you were staying in one location and not 
moving around or attempting to in any way evade the law, did 
that assist in their being able to catch you?
    Mr. Groover. Yes, I would say so.
    The Chairman. Why do you think the Internet is becoming the 
weapon of choice in perpetuating financial crimes in this 
country?
    Mr. Groover. The ease of use and the Internet has become 
ubiquitous throughout the world. So they can move around, 
criminals can move around easily, and put up a Web site here or 
do activity anywhere around the world on the Internet and they 
can contact another individual or another piece of equipment 
anywhere in the world.
    The Chairman. In your situation, were the victims, like Mr. 
Doubleday, compensated for their losses?
    Mr. Groover. Well, I was ordered to pay restitution in the 
amount of $271,902, and I've been making payments while in 
prison. In general, the bank and credit card companies lost the 
money, not as much the individual. I would like to state for 
the record I was not targeting Mr. Doubleday because he was a 
senior citizen. That just happened out of chance.
    The Chairman. How much did calculations of the chances that 
you would be caught play into your decision to commit Internet 
fraud? I should say that in the backdrop, Jeffrey, of your 
talent, your experience on the Internet coupled with what we 
believe is a more difficult crime to catch people in. How did 
that all fit into your particular action?
    Mr. Groover. Well, it's kind of hard to look back at this 
point, but I believe that I thought I would not get caught 
because of my expertise in the computer and Internet field. I 
didn't think that I would lose my family, my business, my 
possessions. I didn't think I would be put in a human warehouse 
a thousand miles from my home. I didn't think about all of 
those things. So it's kind of hard to say what I was thinking 
about at that time. Had I thought long and hard, I wouldn't 
have done it.
    The Chairman. Sure. You have mentioned at least one measure 
and you spoke of possibly others. How would you advise law 
enforcement in the pursuit of Internet criminals between 
States. I say that because you said you stood still. If you 
were intent on a criminal act and if you were operating, if I 
can use the term, from a criminal mind, you said it would have 
been much more difficult to catch you, or to catch someone like 
you. What recommendations do you offer up to law enforcement?
    Mr. Groover. That is correct. Actually, in explanation, I 
initially started out trying to pay back the credit that I was 
using, and I was paying some of it back. But it doesn't always 
work out that way. So I did stay in one place.
    What I would recommend to law enforcement is to set up an 
Internet crime clearinghouse to coordinate efforts between 
agencies; to set up an online Internet crime information center 
where citizens can find out about companies and people that are 
doing crime on the Internet. The object is, is to keep the 
criminals running and moving without giving them an opportunity 
to stay in one place and create large amounts of these frauds 
that are going on.
    The Chairman. For a young person to be active on the 
Internet and have certain skills is one thing; for senior 
citizens who have never ventured on and are now venturing on in 
great numbers, as both myself and Senator Collins mentioned, 
what can senior citizens learn from your case of Internet 
fraud?
    Mr. Groover. They should learn the following. Deal with 
reputable companies. Don't give out personal information over 
the Internet, such as Social Security numbers and birth dates. 
When in doubt, check out the company. If you can't reach them 
by phone, they don't publish a physical address on their Web 
site, they don't exist. Report fraudulent activity right away, 
and follow up on it. Don't open suspicious e-mail messages or 
attachments. If you think someone has stolen your identity, 
immediately inform in writing the credit bureaus, all of your 
creditors, including credit card companies, and make sure that 
you state that no credit is to be issued unless you are 
contacted first.
    Also, take a class on Internet use and join a users group 
in your area, and learn how to share and exchange ideas and 
information the way it was meant to be done.
    If there is any benefit from what I've recommended, let it 
be that I have helped people to become empowered to protect 
themselves better from these types of crimes.
    The Chairman. Well, Jeffrey, thank you very much for those 
suggestions. Now let me turn to my colleague Senator Collins 
for questions she might ask.
    Senator Collins. Thank you, Mr. Chairman.
    Do you think that you would have been able to commit the 
financial crimes that you did engage in were it not for the 
Internet? Prior to the Internet, would you have been able to 
get access to the information that you needed to steal other 
people's identities and then use their credit?
    Mr. Groover. No, Senator.
    Senator Collins. So this is a crime that you would not have 
been able to even conduct were it not for the Internet?
    Mr. Groover. Correct.
    Senator Collins. One of the problems of identity theft for 
the victims is that often it takes them a great deal of time to 
realize that they are victims of identity theft, and by that 
time, hundreds of thousands of dollars can be charged to their 
credit cards. How did your victims discover that you had stolen 
their identities?
    Mr. Groover. That I'm not exactly clear on, but I would 
imagine that they probably got a call from a credit card 
company of some sort and--asking them about a particular charge 
or something of that nature.
    Senator Collins. Do you have any other specific 
recommendations for us on how individuals can protect 
themselves or what procedures banks or other sources of credit 
could put in place to help prevent Internet thefts?
    Mr. Groover. Yes, I do. The first one would be to request a 
pass code to be used for all online credit card transactions, 
different from a PIN.
    Senator Collins. What do you mean by a pass code, exactly?
    Mr. Groover. Like a word or a phrase or something like 
that, or even a long number, that would be used that would 
verify that you are actually the person that is the owner of 
that credit card. For example, right now if you drop your 
credit card outside and someone picks it up, they can go right 
online and start using it. Without--with a code that they would 
have to use that would be verified in the automatic 
verification system, they would be required to enter that code, 
and if they didn't have that code, the transaction would be 
declined.
    Senator Collins. Are there any other recommendations you 
would like to share with us?
    Mr. Groover. To require all merchants to have their credit 
cards processed by a U.S. bank and not done offshore. This 
would prohibit some of the scams that are going on right now in 
which they are running up let's say $150--or under a ceiling of 
$150 or $180 in each transaction, and when it's offshore, they 
don't have to get a clearing for that transaction, and are 
guaranteed payment. So when it is done offshore, they are going 
to get their money no matter what, the criminal is, whereas 
when it's done by--it's processed by a U.S. bank, the credit 
card companies don't lose anything and neither does the credit 
card holder.
    Senator Collins. Thank you very much. Thank you, Mr. 
Chairman.
    The Chairman. Well, Jeffrey, we thank you very much again 
for your willingness to testify, your openness and your 
candidness as to what we might do to assist in stopping either 
the criminal or, obviously, someone who finds themselves in a 
situation, as you did, where you acted in a criminal way to 
assist yourself. So we do appreciate that very much, and we can 
ask you to stand down. Thank you.
    Mr. Groover. Thank you.
    The Chairman. We would ask our second panel to come 
forward, please.
    Good morning, everyone. We appreciate our second panel 
being with us. Let me introduce them to the committee.
    David Nahmias, Deputy Assistant Attorney General for the 
Department of Justice, Criminal Division; Lawrence E. Maxwell, 
Assistant Chief Inspector for the U.S. Postal Inspection 
Service; Howard Beales, Director of the Bureau of Consumer 
Protection for the Federal Trade Commission; Tanya Solov from 
the Chicago Secretary of State's Office, representing the North 
American Securities Administrators Association; and Dave 
Jevans.
    Mr. Jevans. Jevans.
    The Chairman. Jevans, like Evans.
    Mr. Jevans. Just like Evans, but with a J.
    The Chairman. All right. Thank you. Chairman of the Anti--
this is a fascinating term, Senator--Phishing Working Group, 
who is working closely with the finance and e-commerce industry 
on Internet crime. In this instance, ``phishing'' is 
pronounced--or spelled p-h-i-s-h-i-n-g. David, be willing and 
able to explain yourself on that one. All right? Fine.
    Dave, we will start with you. Please proceed.

 STATEMENT OF DAVE NAHMIAS, DEPUTY ASSISTANT ATTORNEY GENERAL, 
    CRIMINAL DIVISION, DEPARTMENT OF JUSTICE, WASHINGTON, DC

    Mr. Nahmias. Good morning, Mr. Chairman. I am pleased to 
have this opportunity to appear before this committee and 
discuss what the Department of Justice is doing to combat 
Internet fraud, with particular regard to its impact on senior 
citizens. I have submitted written testimony for the record, 
which I will briefly summarize now.
    As Howard Beales of the Federal Trade Commission can 
discuss in more detail, Internet use by all demographic groups, 
including seniors, continues to increase rapidly. 
Unfortunately, Internet crime is increasing even more rapidly, 
with both Internet fraud complaints and identity theft 
complaints filed with the FTC tripling in the past 3 years. 
Scams ranging from bogus investment deals to schemes that 
exploit online auctionsites are widely prevalent on the 
Internet and pose serious risks to the financial well being of 
senior citizens and other Internet users.
    The Department of Justice and our law enforcement and 
regulatory partners take these trends very seriously, and we 
have devised a number of responses that includes an aggressive 
program of criminal enforcement. Last year, for example, the 
Department spearheaded two nationwide takedowns of prosecutions 
directed at online economic crime. Operation E-Con, announced 
in May 2003, and operation Cyber Sweep, announced in November 
of last year, involved the combined total of more than 215 
criminal investigations directed at schemes that victimized 
more than 214,000 people out of more than $276 million. These 
operations resulted in the arrest or conviction of more than 
255 people, including more than 70 indictments stemming just 
from Operation Cyber Sweep in November.
    These two takedowns included prosecutions of large-scale 
Internet fraud schemes involving bogus investments, phishing 
and other identity theft schemes, fraudulent online 
pharmaceutical sales, and other cases in which senior citizens 
and others were at risk of loss or harm. In Operation E-Con, 
for example, one case successfully prosecuted by the U.S. 
Attorney's Office for the Eastern District of California 
involved an online Ponzi scheme known as the Tri-West 
Investment Club, which took in nearly $60 million from 15,000 
investors worldwide. Another online Ponzi scheme that Operation 
E-Con shut down defrauded more than $8 million from 23,000 
investors.
    These online investment frauds are of particular concern 
for seniors, who seek financial information online more than 
any other group of Internet users and who typically have more 
assets to lose and less opportunity to recover from losses.
    The Federal courts generally appear to be handing down 
significant sentences for these offenses. For example, in one 
case of phishing that the U.S. Attorney's Office for the 
Eastern District of Virginia prosecuted as part of our 
Operation Cyber Sweep, the lead defendant received 46 months 
imprisonment and her confederate was sentenced to 37 months in 
prison.
    In another Cyber Sweep identity theft and fraud case 
prosecuted by the U.S. Attorney's Office for the Southern 
District of New York, one defendant, who with his co-
conspirators had stolen banking and pedigree information which 
they then used to open PayPal accounts and fund those accounts 
by direct transfers from victim bank accounts, received 30 
months imprisonment. A codefendant is awaiting sentencing. All 
those sentences, of course, in the Federal system are without 
parole.
    Currently there are several Federal sentencing guideline 
enhancements that may enable prosecutors to seek higher 
sentences in fraud cases where senior citizens are victimized. 
But these enhancements sometimes do not capture the full harm 
done, especially by identity theft. The administration, 
therefore, has supported the Identity Theft Penalty Enhancement 
Act, S. 153, which would create a new offense of aggravated 
identity theft to ensure a minimum 2-year sentence enhancement 
in a variety of serious fraud-related offenses and would expand 
the scope of the existing identity theft statute, 18 U.S.C. 
Section 1028(a)(7). The Senate has passed that bill, and this 
morning one of my colleagues from the Criminal Division is 
testifying before a subcommittee of the House Judiciary 
Committee in support of the House version of that act.
    The successes that we have had to date against online fraud 
would not have been possible without support from and close 
coordination with many law enforcement and regulatory partners. 
I am pleased to say that the FTC, through its outstanding 
Consumer Sentinel data base of consumer complaints and its 
enforcement efforts, has been a valued partner in the takedowns 
I discussed, along with the Postal Inspection Service, the FBI, 
the U.S. Secret Service, the Bureau of Immigration and Customs 
Enforcement, and other Federal, State, and local agencies.
    We also work closely with foreign governments, such as 
Canada and Nigeria, and with private sector groups such as the 
Anti-Phishing Working Group.
    Finally, training our prosecutors and investigative agents 
about Internet fraud and educating the public about how to 
prevent and avoid Internet fraud are key pieces of our overall 
enforcement strategy.
    Mr. Chairman, that concludes my opening remarks. I would be 
happy to take questions from the committee now or after all the 
witnesses on this panel have testified, as you prefer.
    [The prepared statement of Mr. Nahmias follows:]

    [GRAPHIC] [TIFF OMITTED] T3526.001
    
    [GRAPHIC] [TIFF OMITTED] T3526.002
    
    [GRAPHIC] [TIFF OMITTED] T3526.003
    
    [GRAPHIC] [TIFF OMITTED] T3526.004
    
    [GRAPHIC] [TIFF OMITTED] T3526.005
    
    [GRAPHIC] [TIFF OMITTED] T3526.006
    
    [GRAPHIC] [TIFF OMITTED] T3526.007
    
    [GRAPHIC] [TIFF OMITTED] T3526.008
    
    [GRAPHIC] [TIFF OMITTED] T3526.009
    
    [GRAPHIC] [TIFF OMITTED] T3526.010
    
    [GRAPHIC] [TIFF OMITTED] T3526.011
    
    [GRAPHIC] [TIFF OMITTED] T3526.012
    
    [GRAPHIC] [TIFF OMITTED] T3526.013
    
    [GRAPHIC] [TIFF OMITTED] T3526.014
    
    [GRAPHIC] [TIFF OMITTED] T3526.015
    
    [GRAPHIC] [TIFF OMITTED] T3526.016
    
    The Chairman. Thank you, Dave. We will ask questions, 
either individually or collective, of all of you after the 
testimony is given. Now let me turn to Lawrence Maxwell, 
Assistant Chief Inspector, U.S. Postal Inspection Service.

 STATEMENT OF LAWRENCE E. MAXWELL, ASSISTANT CHIEF INSPECTOR, 
         U.S. POSTAL INSPECTION SERVICE, WASHINGTON, DC

    Mr. Maxwell. Thank you, Mr. Chairman. I appreciate 
appearing before you, particularly on this very timely and 
important matter.
    I have submitted some lengthy comments comprehensive with--
--
    The Chairman. All of those become a part of the record. 
Thank you.
    Mr. Maxwell. Great. I will summarize those here briefly.
    This has become more of a concern. In my formative years as 
an agent, certainly we saw a lot of victimization of elderly in 
telemarketing and boiler rooms. Back in the years I worked in 
New York, we investigated many, saw a lot of potential happy 
lives ruined. As this evolved, today, now with the Internet, as 
you have just heard, things have become a lot more of concern, 
with the speed of the Internet and the ease of it. Where I 
previously worried about the generation before me, now, as I 
approach those years, I am starting to worry about myself as 
well and my generation. We face the same issues.
    The Inspection Service enters in--I will just briefly give 
you a history. We mirror the long, colorful history of the 
United States. We were formed by Benjamin Franklin. We were 
formed to protect the Postal Service and, as it turned out, we 
were the only Federal agents at the time that could serve in 
the hinterland protecting mail shipments, anything of secure 
value. Of course, we have had a colorful history battling stage 
coach robberies and train robberies.
    As we came into the modern era, the inspectors became very 
much involved, in their continued fight to protect the Postal 
System's carriers from robbery attack, but we also have a 
reputation for protecting the consumer. That is equally 
important, as initially all correspondence, all communications, 
all business was conducted via the mail.
    So Congress in the 1870's enacted the Mail Fraud statute, 
which today remains favored by prosecutors. It is a tremendous 
statute, has great potential even in this modern era. In fact, 
it was not until a hundred years after its enactment that it 
was even modified. That was not to give it more teeth, it was 
actually to give it more reach. In 1994, I believe, with the 
crime act, it was modified to extend to private couriers. So it 
still remains a very viable weapon in our arsenal.
    As I said, our focus continues to be to protect the 
American consumer. We pride ourselves in that. We reach every 
home in America, every business in America with delivery. We 
have a profound responsibility to the American public.
    Our fraud program consists primarily of about 300 
inspectors. We are 1,900 strong; we are one of the smaller 
Federal agencies. We are funded purely through the Postal 
Service, so we have a little room for growth, but we have to 
learn to do things smartly and we have to find creative ways to 
help us in that quest.
    Our arrest statistics throughout my career have pretty much 
stayed on par with what they were in prior years. We 
investigate roughly 3,000 or 4,000 fraud cases a year of all 
different types, primarily investment schemes, advance fee 
schemes. Of course now we are venturing into identity theft. As 
you just heard it is the fastest-growing crime in America. We 
make about 10,000 arrests a year.
    What we do not pride ourselves on is the concept more-is-
better in terms of arrest. What we have learned, and this is 
almost heresy coming from a law enforcement officer, but what 
we have learned is the less arrests we can make, as long as we 
prevent the crime, fewer people are hurt. That is where our 
focus has been. I know Senator Collins is aware of this from 
prior campaigns we have conducted. I will just give you an 
example.
    Some of the cases we have had in mail fraud--and we have 
had cases resulting in, just last year, $2 billion in court-
ordered restitution to consumers that were victimized in 
fraud--we forfeited $36 million. We put our forfeiture funds 
back into our fight against crime, much of which goes to our 
prevention efforts. But through some creativity several years 
ago, creativity and vision by a U.S. attorney and by the Postal 
Inspector agents, they approached us about formulating a 
special account with funds earmarked for fighting fraud, the 
thought being fraud is the one crime you can actually educate 
someone to protect themselves. We bought into that concept in a 
considerable way, and I still believe very strongly in fraud 
prevention through consumer education.
    As you consider the Internet and the senior citizens now 
venturing on the Internet--and I read some studies where Direct 
Mail quoted 75 percent of homes in America now have Internet 
access, which sounds high to me but certainly not shocking. As 
more people venture onto the Internet, the seniors that go on, 
certainly if they are smart enough to navigate the Internet, 
they are smart enough to be educated and taught how to protect 
themselves.
    As I said before, what is old is new today. So what is new 
on the Internet really is not new. We just have to teach people 
to find ways to see fraud as they encounter electronically. The 
Internet is a lot faster than the written word or mail 
solicitation.
    What we have done is, of course, to partner. You have heard 
in prior testimony, Operation Cyber Sweep. We were proud to be 
part of that. Project kNOw Fraud in 1999, with our friends from 
FTC, probably our strongest partners in this fight. They are 
very consumer-oriented, we share our databases, we try to go to 
that concept of one-stop shopping for the victim, because in No 
Fraud we learned that most consumers do not know where to 
complain. It is kind of tragic that, you know, you have all of 
these complaints, or possibly good criminal intelligence, and 
we are not made aware of it.
    Just last year, in the National Fraud Against Senior Fraud 
Awareness Week, which was a result of our approaching Senator 
Collins and Senator Levin who passed a resolution declaring 
Senior Fraud Awareness Week then conducted a campaign using 
literature which I have put outside, the hearing room which is 
very effective. I applaud your efforts for that support and 
hope to see more of these cooperative initiatives in the 
future. Any time you have an event of that media attention and 
public information, it is a great way to get the word out. It 
is a way of reaching people.
    What we have done with several of the cases that I 
mentioned earlier, monies coming from forfeitures and fines 
were directed by the court and by the U.S. attorney, in 
agreement with us, to put into this special consumer protection 
fund. Those are the monies that we have used for Project kNOw 
Fraud, which I mentioned earlier, for our campaign around the 
senior fraud awareness week. We are also applying it--again, 
with identity theft, we have a tremendous potential with the 
Internet, both with ``phishing'' and ``spoofing'', as I think 
will be covered in greater depth later. We have had several 
cases which involve identity theft. It is not only, as you 
mentioned in the first testimony, when people become aware, it 
is how long it takes to correct the problem. For example, one 
in their golden years certainly do not need that torment as 
they go on through the last decades of their life.
    We did produce a professionally done DVD video, which is 
about 12 minutes in length. We have a number of them outside. 
If you have not seen it, I would encourage you to view it. It 
is very well done, if I say so myself, but we had some 
professionals help. It presents in a very short way but a 
dramatic way what you should look for to protect against 
identity theft. It leaves you with an impact.
    What I would leave the panel and certainly open up to 
questioning is my view on this education and prevention remains 
strong. If there is a way to funnel funding for agencies to 
continue this, either through fines, perhaps through 
forfeiture, I would welcome that and certainly be happy to work 
toward that effort. There are other powers we probably could 
use that might help on the Internet. It is a little more of a 
difficult problem than what we faced with the West African 419 
letter, for instance. Those were actual tangible letters. We 
seized about 5 million of them after we reached agreement with 
the countries of Nigeria and Ghana, and we were able to destroy 
them before they did the damage.
    However, what happened, was when they realized we were 
stopping them from getting their pitch to their victims, they 
moved onto the Internet. That is a little tougher challenge for 
us. So we have some thoughts on that, but anything you or the 
committee could recommend would be greatly welcomed by us.
    I thank you for your time.
    [The prepared statement of Mr. Maxwell follows:]

    [GRAPHIC] [TIFF OMITTED] T3526.017
    
    [GRAPHIC] [TIFF OMITTED] T3526.018
    
    [GRAPHIC] [TIFF OMITTED] T3526.019
    
    [GRAPHIC] [TIFF OMITTED] T3526.020
    
    [GRAPHIC] [TIFF OMITTED] T3526.021
    
    [GRAPHIC] [TIFF OMITTED] T3526.022
    
    [GRAPHIC] [TIFF OMITTED] T3526.023
    
    [GRAPHIC] [TIFF OMITTED] T3526.024
    
    [GRAPHIC] [TIFF OMITTED] T3526.025
    
    [GRAPHIC] [TIFF OMITTED] T3526.026
    
    [GRAPHIC] [TIFF OMITTED] T3526.027
    
    [GRAPHIC] [TIFF OMITTED] T3526.028
    
    [GRAPHIC] [TIFF OMITTED] T3526.029
    
    [GRAPHIC] [TIFF OMITTED] T3526.030
    
    [GRAPHIC] [TIFF OMITTED] T3526.031
    
    [GRAPHIC] [TIFF OMITTED] T3526.032
    
    [GRAPHIC] [TIFF OMITTED] T3526.033
    
    The Chairman. Lawrence, thank you very much for your 
testimony. Now let us turn to Howard Beales, Director of the 
Bureau of Consumer Protection for the Federal Trade Commission.
    Howard, welcome to the committee.

    STATEMENT OF J. HOWARD BEALES, III, DIRECTOR, BUREAU OF 
CONSUMER PROTECTION, THE FEDERAL TRADE COMMISSION, WASHINGTON, 
                               DC

    Mr. Beales. Thank you, Mr. Chairman, and thank you, Senator 
Collins. I look forward to this opportunity to provide our 
testimony about Internet fraud and its effect on senior 
citizens.
    The Internet is one of the most revolutionary marketing and 
communications tools that we have seen in a long time and it 
plays an increasingly central role in consumers' lives. 
Unfortunately, as consumers have turned to the Internet, so too 
have scam artists. Last year, for the first time, Internet-
related fraud complaints exceeded other fraud complaints, 
comprising 55 percent of all fraud complaints. It was also the 
first year in which consumers reported that the Internet 
outstripped the telephone as the point of their first contact 
with the fraudulent scheme.
    However, Internet fraud does not yet appear to be affecting 
seniors age 60 and over as much as other age groups. During 
2003, only 28 percent of the complaints from seniors concerned 
Internet-related fraud, and only 6 percent of the Internet-
related fraud complaints from all consumers came from seniors. 
Moreover, seniors continue to report that their first contact 
with scammers came predominantly by telephone. In our 
experience, Internet scams generally do not target the elderly 
as a specific group, but they seek consumer victims regardless 
of demographic criteria.
    Nonetheless, Internet scams that cause significant 
financial injury can be particularly devastating to seniors, 
many of whom live on limited or fixed incomes. Scams that 
facilitate identity theft are of particular concern. ID theft 
strikes all segments of the population, and it is not 
surprising to find that older Americans are also targets of 
this crime.
    Although consumers who are age 60 or over are no more 
likely to become victims of identity theft, the crime appears 
to affect them in distinct ways. For example, while 33 percent 
of all consumers who filed ID theft reports experienced some 
sort of credit card fraud, 44 percent of those 60 or older were 
victims of credit card fraud. A greater percentage of older 
Americans reported ID theft attempts to the FTC than did the 
general population.
    Under our civil law enforcement authority, the FTC has 
brought actions to stop practices that involve or facilitate 
identity theft. Our cases have attacked pretexting, where 
scammers use false pretenses to obtain consumers' confidential 
financial information. We have also attacked phishing, where 
criminals use spam to trick consumers into revealing 
confidential payment information. These schemes use Web sites 
that appear identical to the sites of legitimate companies with 
whom consumers do business, and they as consumers to update or 
validate their information. In fact, just yesterday the FTC and 
the Department of Justice announced a joint law enforcement 
initiative that shut down a phishing scheme.
    Last year, auction fraud accounted for nearly half of all 
Internet-related fraud complaints consumers reported to the 
FTC. Among consumers age 60 and over, it was 29 percent of all 
Internet-related complaints and ranked third in the top 15 
product or service complaints reported by consumers. In light 
of this data, the Commission launched Operation Bidder Beware, 
an enforcement sweep targeting Internet auction scams. The 
sweep combined the efforts of the FTC, 29 participating State 
attorneys general, and numerous local law enforcers. Working 
together, we brought more than 50 criminal and civil 
enforcement actions against various Internet auction scams. We 
also kicked off an extensive Federal-State consumer education 
campaign featuring a dedicated Web page with information on how 
to avoid auction fraud.
    Another source of misleading Internet promotions is 
products or services that promise to cure or treat serious 
diseases or conditions such as cancer, heart disease, 
arthritis, and diabetes. Older consumers constitute a large 
part of the market for health-related services and remain 
vulnerable to misleading claims and fraudulent practices.
    To address these problems, we launched Operation Cure-All, 
a coordinated FTC, law enforcement, and consumer and business 
education initiative with a bilingual Web site. Last month, the 
FTC announced a final order banning a Canadian company from 
offering a sham cancer therapy on its Internet Web site which 
referred U.S. citizens to the company's clinic in Tijuana, 
Mexico, a true North American free fraud.
    One of the problems in prosecuting Internet fraud is that 
the Internet knows no boundaries, and cross-border fraud on the 
Internet is a serious problem. In 2003, 47 percent of cross-
border complaints involved the Internet, up from 33 percent the 
year before. To date, the Commission has had foreign targets in 
over 60 cases and pursued assets offshore in more than 10 
foreign countries. To enhance our ability to pursue these 
cases, the Commission has recommended a package of legislative 
changes that will facilitate cooperation with foreign law 
enforcement authorities. Unless we can build stronger 
enforcement cooperation across borders, more and more Americans 
will fall victim to imported fraud.
    Internet fraud causes significant injury to consumers and 
harms public confidence in the Internet as an emerging 
marketplace. The FTC will continue to combat Internet fraud 
through aggressive law enforcement and consumer education. To 
date, the Commission has brought 319 Internet enforcement 
cases. Because prevention is often the best medicine, the FTC 
takes an active role in educating consumers about Internet 
scams. We have developed publications, launched dedicated Web 
pages, and worked with numerous Federal agencies and private 
sector partners to develop and disseminate plain-language 
consumer education materials in English and Spanish to protect 
all consumers, including seniors, from Internet fraud.
    We will continue that effort and we look forward to working 
with you and the committee on the combating senior fraud 
initiative.
    Thank you, and I look forward to your questions.
    [The prepared statement of Mr. Beales follows:]

    [GRAPHIC] [TIFF OMITTED] T3526.034
    
    [GRAPHIC] [TIFF OMITTED] T3526.035
    
    [GRAPHIC] [TIFF OMITTED] T3526.036
    
    [GRAPHIC] [TIFF OMITTED] T3526.037
    
    [GRAPHIC] [TIFF OMITTED] T3526.038
    
    [GRAPHIC] [TIFF OMITTED] T3526.039
    
    [GRAPHIC] [TIFF OMITTED] T3526.040
    
    [GRAPHIC] [TIFF OMITTED] T3526.041
    
    [GRAPHIC] [TIFF OMITTED] T3526.042
    
    [GRAPHIC] [TIFF OMITTED] T3526.043
    
    [GRAPHIC] [TIFF OMITTED] T3526.044
    
    [GRAPHIC] [TIFF OMITTED] T3526.045
    
    [GRAPHIC] [TIFF OMITTED] T3526.046
    
    [GRAPHIC] [TIFF OMITTED] T3526.047
    
    [GRAPHIC] [TIFF OMITTED] T3526.048
    
    [GRAPHIC] [TIFF OMITTED] T3526.049
    
    [GRAPHIC] [TIFF OMITTED] T3526.050
    
    [GRAPHIC] [TIFF OMITTED] T3526.051
    
    [GRAPHIC] [TIFF OMITTED] T3526.052
    
    [GRAPHIC] [TIFF OMITTED] T3526.053
    
    [GRAPHIC] [TIFF OMITTED] T3526.054
    
    The Chairman. Howard, thank you very much.
    Now let us turn to Tanya Solov from the Chicago Secretary 
of State's Office, representing the National American 
Securities Administrators Association. Tanya, welcome to the 
committee.

    STATEMENT OF TANYA SOLOV, DIRECTOR OF SECURITIES, NORTH 
  AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION, CHICAGO, IL

    Ms. Solov. Thank you very much. I am honored to have the 
opportunity to appear before you to present the States' views 
on protecting senior citizens against investment fraud on the 
Internet.
    As the securities director for the State of Illinois, I 
interact with elderly investors who approach me at senior 
investor education events or call my office with complaints of 
fraud. My office works with criminal authorities to prosecute 
companies and individuals who commit crimes against seniors, 
and bring civil actions for injunctions and restitution. We 
also educate seniors through publications, videos, and 
seminars.
    In a perfect storm, a number of significant events come 
together to create a devastating impact. State securities 
regulators are deeply concerned that a prefect storm for 
investment fraud is brewing, and our nation's 35 million 
seniors are most at risk. These days, seniors are seeking 
higher returns than those offered by certificates of deposit 
and other traditional income-generating investments. The 
collapse of the bubble economy and rising costs for medical 
insurance, prescription drugs, and basic living expenses have 
driven seniors to the Internet in search of alternative 
investments.
    Most seniors do not randomly surf the Internet looking for 
a place to put their savings. Instead, they use the Internet as 
a reference tool based on a solicitation or information they 
have received from a friend or an associate or during a free 
seminar. Others may just happen upon an investment Web site, or 
they are recipients of unsolicited e-mail solicitation, many of 
them touting penny stocks, real estate, or oil and gas 
ventures.
    The Internet has made it simple for a con artist to reach 
millions of potential victims at minimal cost. Investment scam 
artists do not have to spend money setting up boiler rooms, 
making phone calls, or sending mailings. They can quickly set 
up Web sites targeting investors with scams involving prime 
bank notes, viatical settlements, foreign ventures, and Ponzi 
schemes.
    Fraud can be especially damaging for older investors 
because their portfolios have less time to recover. Often, 
older victims do not report crimes because they do not want 
people to know they have lost money or made an unsound 
investment. Also, they do not know how or where to complain.
    So what can be done to combat Internet fraud? State 
securities regulators believe in combining enforcement efforts 
and financial education as the dual approach to protect 
investors. Seniors and all investors should always call their 
State securities regulator if they suspect an investment fraud. 
State regulators can tell the public whether or not the 
investment is registered in that State, whether the salesperson 
is licensed to do business, and whether or not there is any 
disciplinary history associated with the salesperson or 
company.
    A list of regulators is available on the North American 
Securities Administrators Web site at www.nasaa.org.
    In addition to education, State regulators are engaging in 
vigorous enforcement against Internet con artists. My 
colleague, Kansas Securities Commissioner Chris Biggs, recently 
announced that an investment scam promoted over the Internet 
resulted in a prison sentence of 44 months for the perpetrator 
and--fortunately in that case--a return of most of the 
investors' money. In that particular case, the fraudster was 
using the Internet and direct mail to solicit investors for a 
company called Venture Capital Investments. He guaranteed a 
high return and claimed that the investments were FDIC insured. 
In only 5 weeks, the fraudster raised about $85,000 from 30 
investors. We brought a poster showing the Web site that was 
used in that particular scam. It is off to my right there. So 
it does look like a legitimate Web site, with frequently asked 
questions and other points there. That is what the seniors were 
directed to.
    In my own State of Illinois, seniors and other investors 
were solicited to send small sums of money, in some instances 
as little as $100, to put into an entity that claimed to invest 
in developing countries. In the end, the scam collected over 
$20 million. Because the con artist in that case spent most of 
his investment locally, many of his purchases were seized, 
forfeited, and sold. The investors who applied for restitution 
received their money back, and the scamster and 12 other 
defendants were sent to prison.
    State securities administrators are pursuing similar cases 
across the country and they are also participating in a senior 
outreach initiative that is designed to educate seniors to 
protect themselves from investment fraud. A highlight of this 
initiative is the Senior Investor Resource Center, which is 
sponsored by NASAA. The NASAA senior resource Web site includes 
commonsense solutions to protect assets from investment fraud 
and links to a variety of investor education publications and 
programs offered by State securities regulators and others to 
assist seniors. The Web site also includes a checklist of 
questions seniors should ask before making an investment 
decision, and information about the current top fraud.
    In conclusion, I would like to say that investment fraud 
against seniors is increasing at an alarming rate. Seniors and 
all investors need more, not fewer, cops on the securities 
beat. This committee's examination of Internet fraud as it 
affects the growing online senior population is an important 
step in highlighting the problem and working toward a solution. 
My office and other State securities administrators will 
continue to play an active role in protecting seniors 
regardless of whether a large multimillion-dollar scam is 
involved or a single defrauded investor.
    I thank you and your committee for allowing me the 
opportunity to appear today. I look forward to answering any 
questions that you may have.
    Now in final conclusion, we do have a 30-second public 
service announcement that I was hoping to show regarding 
Internet fraud.
    The Chairman. Sure. Let us hear it.
    Ms. Solov. Thank you.
    [The prepared statement of Ms. Solov follows:]

    [GRAPHIC] [TIFF OMITTED] T3526.055
    
    [GRAPHIC] [TIFF OMITTED] T3526.056
    
    [GRAPHIC] [TIFF OMITTED] T3526.057
    
    [GRAPHIC] [TIFF OMITTED] T3526.058
    
    [GRAPHIC] [TIFF OMITTED] T3526.059
    
    The Chairman. Thank you. Well done. Directly to the point.
    Now let us turn to our last panelist this morning, David 
Jevans--I am working at it, David--the chairman of the Anti-
Phishing Working Group, who is working closely with the finance 
and e-commerce industry on Internet crime. David, welcome to 
the committee.

  STATEMENT OF DAVID JEVANS, CHAIRMAN, ANTI-PHISHING WORKING 
                    GROUP, REDWOOD CITY, CA

    Mr. Jevans. Thank you, Mr. Chairman.
    I have been asked today to provide some insight on the 
problem of e-mail phishing, its impact on senior citizens as 
they get online and increase their use of the Internet.
    First, I would like to start out with a definition of 
phishing.
    The Chairman. Thank you. [Laughter.]
    Mr. Jevans. Then I will address the spelling.
    The Chairman. All right.
    Mr. Jevans. ``Phishing'' is a hacker term for a particular 
type of e-mail fraud. The fraud is perpetrated by scammers and 
spammers. Typically, a spam is sent to random users on the 
Internet pretending to be from a legitimate bank, Internet 
service provider, e-commerce company, or Government agency. 
This e-mail looks exactly like an e-mail that you would expect 
to receive, complete with e-mail address, logo, and other 
branding elements of the legitimate Web site. However, the e-
mail is not really from who it says it is from. It is from a 
fraudster. They are luring the consumer to a fake Web site in 
order to trick them into revealing their credit card details, 
bank account information, online banking password, or other 
personal identity information.
    I would like to show some black-and-white printouts of some 
screen shots of phishing sites and illustrate how realistic 
they are.
    First, you will see here an e-mail that appears to come 
from eBay. It has the logos. I have circled some elements here. 
At the top it will have a spoofed e-mail address. So it says it 
is from Secret Service at ebay.com. It will have the logo. It 
will have links that claim to be from eBay--they say go to eBay 
billing center. However, they are actually disguised links to 
some other Web site.
    When you click on those links, you will be brought to a Web 
site that looks just like, for example in this case, the eBay 
site. You will see the logo, you will see requests for 
sensitive information, such as your user ID and password. Many 
times you will see other information being requested, such as 
your credit card information, your address, and in this case, 
your ATM PIN code.
    Here is one that is a little more nefarious. This is from a 
major bank. What they have done here is, in the main window, 
they take you to the real bank Web site. You can see it at the 
top there. That is the Web site of the real bank. However, 
there is a pop-up window asking you to log in with your card 
number and your password and expiration. If you type that 
information into that window, it goes to a server in Russia.
    Banks and e-commerce companies are not the only targets. 
Here is one from a major Internet service provider, AT&T. The 
fraudster is using their logo and claiming that you have to 
update your credit card information to continue to keep your 
account active.
    Last summer, the FBI termed phishing the hottest and most 
troubling new scam on the Internet. Indeed, reports of phishing 
attacks jumped over 400 percent during the 2003 Christmas 
holiday season, according to the most recent analysis by the 
Anti-Phishing Working Group. Worse, the increasing realism of 
these phishing messages, including logos and professionally 
designed forms for entering credit card information and bank 
account data, have made them ever more successful. The average 
positive response rate is between 1 and 5 percent for the 
people who receive them.
    Phishing attacks are also increasing in frequency, scope, 
and sophistication. Recently, Citigroup, Lloyds TSB, Barclays 
Bank have all been subject to phishing attacks that spoofed 
their identities in pursuit of customer account, debit and 
credit card data. Within the last year, Wachovia Bank, Bank of 
America, US Bank, Bank of Montreal, Westpac Bank, and ANZ Bank 
of Australia have all been hit by phishing scams. Although 
financial service firms were obvious initial targets for 
phishing attacks, adept identity thieves have expanded their 
phishing operations to exploit a number of Internet consumer 
brands and Government agencies, including Yahoo!, eBay, PayPal, 
Monster.com, Bestbuy.com, Microsoft MSN, and even the FDIC.
    The term ``phishing'' comes from the analogy that Internet 
scammers are using e-mail lures to fish for passwords and 
financial data from the sea of Internet users. Now, it is 
spelled with a ph instead of an f. Ph is a common hacker 
replacement for an f, and it is a nod to the original hacking, 
really, from the early 1970's known as phone phreaking. In 
fact, it is the origin of a lot ph-spelling used in many hacker 
pseudonyms and hacker organizations.
    Phishing scams are of particular concern to the senior 
community. A recent survey by Nielsen/NetRatings indicates that 
those 65 and older are the fastest-growing group online, and 
they are increasing their presence on the Internet by 25 
percent in 2003. These consumers are new to the Internet and, 
as such, are not educated about the dangers of phishing fraud.
    Another significant demographic fact is that persons over 
the age of 50 control at least 70 percent of the nation's 
household net worth. It is estimated that the elderly will 
control approximately $10 trillion in assets within the next 10 
years. Because phishing is a financial crime, seniors make 
particularly appealing targets. Fortunately, it is still 
difficult for phishers to target seniors specifically. However, 
there are e-mail data bases available on the Internet that are 
used by spammers for sending spam. These data bases often do 
categorize e-mail addresses by the interests of each consumer. 
Thus, it is feasible for a phisher to obtain or derive a list 
of e-mail addresses that could be used for more targeted 
attacks.
    The senior population make appealing targets, and should be 
particularly careful of phishing attacks because they 
potentially have the most to lose. If a banking or investment 
account were to be compromised, the phisher would have access 
to significant assets. Also, if personal identity information, 
such as a Social Security number, is obtained by a phisher, the 
criminal can apply for bank loans or credit cards using the 
identity of the consumer. Because many seniors have good credit 
ratings and more sizable assets, the phishers will be able to 
obtain larger loans and credit limits.
    I recommend that consumers exercise caution when they 
receive any e-mail that requests personal identity or financial 
information. Any e-mail that takes you to a Web site that 
requests such information should also be inspected carefully. 
Because the sender can be faked in e-mail, consumers cannot 
trust that an e-mail was sent to them from their bank, ISP, or 
e-commerce site just by looking at the From field of the e-
mail.
    I would like to share a few recommendations for consumers 
to protect themselves.
    First, examine the Web address or URL of any Web page you 
are taken to by an e-mail. If that Web page does not match the 
Web address you are used to, be very suspicious.
    In my experience, I have almost never seen a legitimate 
reason for a Web site to ask for a Social Security number. Any 
site that asks for this information should be regarded with 
great suspicion.
    Similarly, there is no reason for any site to request your 
ATM PIN or password. Any site that requests this is fraudulent.
    If you receive an e-mail purporting to be from a company, 
bank, or even Government agency that you do not do business 
with, and this e-mail requests personal identity or financial 
information, be extremely suspicious. There have been instances 
in recent months where e-mails were sent out purporting to be 
from the FDIC or Regulations.gov Government agencies. These e-
mails have used scare tactics to frighten consumers into 
divulging personal information.
    Consumers should always use anti-virus software and keep it 
up to date. You should also do weekly scans of your computer 
for viruses or Trojans.
    My last tip is consumers should also keep their computer 
software up-to-date with the latest updates from Microsoft. 
There are new updates issued by Microsoft every week or two, 
and they are usually to fix new security problems that phishers 
could exploit.
    The Anti-Phishing Working Group has been organized to 
develop an acceptable solution to e-mail phishing scams. This 
is an organization of over 180 members from financial 
institutions, law enforcement, ISPs, and the e-commerce 
community. I am the chairman of the organization, and my day 
job is senior vice president at Tumbleweed Communications, a 
vendor of secure e-mail and anti-spam technology.
    The Anti-Phishing Working Group has established the 
www.antiphishing.org Web site as a repository of information 
about phishing. The site contains a news feed of articles about 
phishing as well as an ever-expanding archive of known phishing 
e-mails and Web sites. Proposed technology solutions, lists of 
vendors and Government agencies who can help combat phishing 
are also listed on the site.
    The working group members are exploring technology 
solutions to allow businesses to authenticate or digitally sign 
their e-mails to consumers. These techniques would allow 
consumers to determine that the sender of an e-mail was really 
who it purported to be. There are other technology solutions 
being tested, including detection and scanning services.
    Members of the Anti-Phishing Working Group are working 
together to develop educational messages and best practices for 
consumers and companies. The working group is working with 
other organizations that are looking to combat Internet fraud, 
including the Bankers Information Technology Secretariat and 
the Information Technology Association of America. Consumers 
should also be aware that the Federal Trade Commission and the 
U.S. Department of Justice have advisory bulletins and other 
information available on their Web sites.
    That concludes my remarks. Thank you.
    [The prepared statement of Mr. Jevans follows:]

    [GRAPHIC] [TIFF OMITTED] T3526.060
    
    [GRAPHIC] [TIFF OMITTED] T3526.061
    
    [GRAPHIC] [TIFF OMITTED] T3526.062
    
    [GRAPHIC] [TIFF OMITTED] T3526.063
    
    [GRAPHIC] [TIFF OMITTED] T3526.064
    
    [GRAPHIC] [TIFF OMITTED] T3526.065
    
    [GRAPHIC] [TIFF OMITTED] T3526.066
    
    The Chairman. Well, David, thank you for that testimony and 
that explanation. In fact, as you were showing that first eBay 
lure, I guess, I am having these quick memory flashbacks. 
Literally on Saturday of this past weekend, I was at my son-in-
law's home, who makes his living servicing the Internet for a 
provider, and we were accessing eBay to look at some activity 
on eBay and he went by one of those, saying, Oh, that is a 
phony, and just passed it by. I never asked why.
    I now know. He knew, obviously, because he spends a good 
deal of his professional life there. But it is fascinating that 
you would pull that one up today, because that was literally 
one that he had on his computer or had been sent to him, and he 
passed it by very quickly, saying, That is a phony. I never 
questioned him. But I find that very curious. Thank you.
    Dave, let us come back to you. You mentioned Senate Bill 
153, that has already passed the Senate. Hearings are going on 
today. Could you reiterate for us the importance of having 
Federal statutes that impose stiff penalties on these types of 
crimes that are embodied within Senate Bill 153?
    Mr. Nahmias. Well, as I mentioned, the existing penalties 
are, in most cases, pretty good, both the underlying Federal 
sentencing guidelines and enhancements that can be used where 
the criminals target particularly vulnerable victims or people 
particularly susceptible to crimes.
    In the case of identify theft, our concern is the way the 
guidelines work. Someone who commits identity theft, which is 
almost always part of another crime, they get your identity to 
use your credit card information or commit some other fraud. 
Under the guidelines those crimes merge and there is no 
additional penalty in most cases for the identity theft portion 
of that crime, even though it tends to create a different kind 
of harm to the victim. We are supporting this bill that has 
passed the Senate, which would impose a--in most cases a 2-year 
minimum additional penalty on top of the underlying penalty for 
the crime committed with the stolen identity information, and 
thereby serve as a deterrent to people who would potentially 
commit crimes with identity theft information.
    In the case of a crime that relates to terrorism, the 
additional penalty would be 5 years, and we believe that that 
would be an important enhancement to the overall scheme of 
punishing people who commit these kinds of crimes.
    The Chairman. Can you tell us more about the involvement of 
organized criminal networks in financial fraud cases in 
general, and I should say, who are the major players and where 
do they originate from as you now know it?
    Mr. Nahmias. Some of my fellow panelists may be able to 
speak to this as well, but----
    The Chairman. In all of these questions, as the person 
asked pauses at the end, if you have additional information to 
put into it, please do so for the record. Thank you.
    Mr. Nahmias. I think in our experience our prosecution of 
Internet fraud cases indicate, you see everything from 
individuals like the person who testified on your first panel, 
to organized groups, both domestic and international. We are 
not aware of any specific cases in which traditional organized 
crime groups such as La Cosa Nostra or motorcycle gangs have 
been particularly involved in these kinds of Internet fraud 
schemes, although much of the activity does involve groups of 
people acting together. The only other thing I would say is 
Internet crime is an extension of traditional fraud schemes as 
Mr. Maxwell was talking about. It is the same schemes we have 
seen for years using this particularly----
    The Chairman. Just a new vehicle?
    Mr. Nahmias. A new vehicle which is a very valuable vehicle 
for criminals because it is so anonymous, easy to do over 
distances and very hard for law enforcement to crack into 
because the data is often fleeting, and unless you get onto it 
quickly it may be gone.
    So as traditional organized crime groups see how these new 
tools can be used, there is not reason to think that they will 
not try to use them as they have other tools in the past.
    Mr. Maxwell. I would agree with that, Mr. Chairman. The 
only additional information I would throw out is because most 
of the situations we have had here in the United States are 
primarily one individual or two. Child exploitation sometimes 
involves a couple or two or three people, but in most fraud 
schemes we have had it has been one individual or two with the 
exception of those coming from abroad.
    We have some concerns about some of them coming from the 
former Eastern Bloc via the Internet. It was mentioned I think 
earlier there was a site going back to Russia. Those are the 
concerns because they present such a challenge in terms of 
prosecuting and enforcement, and those are the difficulties we 
are facing now.
    We are exploring strategies, primarily with Canada. There 
is a cross-border crime forum, as you are probably very well 
aware of, which we have an Internet telemarketing group, and we 
are part of that along with our colleagues in the other 
agencies and FTC. That shows a lot of promise, but it has been 
going on for 10 years and we still have a lot more to 
accomplish, but that will be a proving ground for what may come 
in the future.
    The Chairman. Anyone else? Yes, David.
    Mr. Jevans. Mr. Chairman, in the last 7 months we have seen 
phishing sites from being largely hosted in the United States 
to being hosted primarily in Eastern Europe as well as in Asia. 
This makes it very difficult to tear the sites down. Instead of 
being able to tear it down in a few hours, maybe half a day, it 
can take up to 160 hours, basically a week, to tear the sites 
down.
    The other thing we have seen is that these do tend to be 
groups of two or three people who largely meet in online chat 
rooms. They are basically working from home, and it will be a 
spammer, a fraudster and maybe a virus writer.
    Ms. Solov. If I may also, from the State perspective, the 
fraud, for example, that I mentioned from the State of 
Illinois, that started as a one-man operation by a retired 
electrician in a very small town in Illinois. Then as he made 
money, he drew other people in to assist and ultimately there 
were, I believe, 18 defendants in that case, most of whom were 
convicted. That is what we are seeing at the State level.
    But very commonly, with regard to investment fraud, 
individuals are invited to a free seminar where they get coffee 
and donuts and an explanation about, for example, some great 
real estate venture. Then they are encouraged to go to a 
website to ``verify'' that all of the information presented at 
the seminar is in fact true and accurate. We find that that is 
often happening with senior citizens who attend seminars and 
then use the Internet as a verification tool.
    The Chairman. You said something I think very important, 
and I watched it in older people who I know and some within my 
family, who never were heavy stock investors, but they 
accumulated substantial amounts of money and they had a lot of 
CDs, and the CD market, as you know, is no place to be today 
because of the interest being paid, and so they are really 
impacted by a decline in revenue that they had adjusted to 
because of their CDs, and they are out looking and asking, and 
I have parents, my wife has parents, who ask us those 
questions. Where do we go to get a better return on our 
investment? I think they must be phenomenally susceptible to 
the kind of thing you have spoken to.
    Ms. Solov. Yes, and that is a line that is very commonly 
used. The con artists say, ``You are not really making any 
money on the certificate of deposit. In fact, you are probably 
losing money ultimately, so here are some alternative 
investment opportunities.''
    The Chairman. I mentioned something in my testimony--and 
maybe, Dave, you can respond to it, or certainly any of you who 
wish. A few weeks ago we held hearings in this room on the 
implementation of the soon-to-be prescription drug discount 
card, and there is a lot of work being done to stand up 
websites where they can go online and look at different 
opportunities, go online to look at difference in pricing. We 
are asking seniors to become much more knowledgeable in 
accessing the Internet for the purpose of accessing knowledge 
on how to buy drugs and all of that type of thing, and this 
will accelerate. Have any of you done any thinking about the 
potential fraud that is going on in that area, and has the 
Department of Justice taken notice of this as a real 
possibility?
    Mr. Nahmias. Senator, that is a very good question, and 
actually the FDA, the Food and Drug Administration is the 
agency on the front line of that issue of ensuring that the 
drugs are safe. Although the Department of Justice and our law 
enforcement regulatory partners need to provide a supporting 
role in terms of the FDA's enforcement effort, that issue is 
being examined by a task force in the administration. The 
Conference Report for the Medicare Modernization Act required 
the Secretary of HHS to examine the issue of drug importation 
and look at limits on resources and legal authorities. I know 
both within the Department of Justice and within the 
administration, that is an area that we are looking at because 
of the concern that on the one hand we are expanding the 
funding in that area and directing people to the Internet as a 
source of information; on the other hand we realize that where 
there is money and where there is the Internet, there is a 
potential for criminal activity. So I think that is an area 
that we are concerned about and we are trying to get on the 
front end of.
    The Chairman. You are right to assume there is going to be 
a substantial amount of money flowing in that respect.
    Anyone else wish to comment on that?
    Mr. Maxwell. It presents a little bit of a problem from my 
agency's standpoint. I have had several discussions with our 
counterparts at Food and Drug Office of Criminal Investigation, 
and also I met with our counsel's office, and I guess our 
jurisdiction really was somewhat limited to the fraud end of 
those types of promotions. If they can enhance some of the 
other provisions in terms of either under a DEA schedule or 
some other type of avenue for us, we could probably have more 
reason to be involved. We certainly do welcome and we recognize 
the problem. I remember there were hearings on this two or 3 
years ago and that created quite a stir.
    The Chairman. Lawrence, let us stay with you. We have all 
talked about seniors and their fixed incomes, but also we 
talked about the money they have and the money they seek to 
invest, and they have tremendous buying power as a class of 
citizen in our country, and they give a lot. They are very 
charity minded.
    Are you able to tell us if any charity monies given by 
seniors has found its way into the hands of suspected terrorist 
organizations?
    Mr. Maxwell. That is the question of the hour, actually, 
because we had inspectors assigned to Green Quest, which was 
the first initiative back under Treasury, and it has morphed 
into some different names now, but with a focus primarily on 
that type of activity. What we saw was some limited cases where 
it could clearly be drawn, and of course, you have read some of 
the headlines where certain individuals were charged, I think 
in Illinois was one I read about where they were dismissed 
later because there was not enough to show that tie into 
terrorism.
    It is clearly a concern from a security standpoint if 
nothing else, but also from a fraud standpoint, people being 
victimized based on their good nature. We have a lot of types 
of these things happening, like right after 9/11 we would see 
them crop up. After any calamity generally you will see these 
things emerge.
    It is just very difficult to identify them quickly enough 
to take action before people are hurt. So the sooner we hear, 
the better always.
    The Chairman. David, is a false website, let us say in a 
post-9/11 event where monies are being asked for for charitable 
purposes and it is a fraud, is that considered phishing?
    Mr. Jevans. That is typically not considered phishing 
unless somebody is sending out spam e-mails to pull people into 
one that may be replicating a legitimate one. So you may see 
things where there is a legitimate site out there collecting 
monies and someone sets up a fake one, and they pull people in 
that way definitely.
    The Chairman. Go ahead, please.
    Mr. Beales. If I could just add to that. What we see most 
often in fraudulent charitable solicitations is badge fraud, 
where the----
    The Chairman. It is what?
    Mr. Beales. Badge fraud. The appeal is to help the local 
police or fire fighters or some local connection like that. We 
have brought those kinds of cases and worked with State and 
local partners in those kinds of matters, but what we have--
that is where we most frequently have seen the fraudulent kinds 
of solicitations.
    The Chairman. Howard, let us stay with you. You mention in 
your testimony seniors continue to be hit by telephone fraud 44 
percent of the time. Is it true that phone use for senior scams 
is decreasing as the use of the Internet is increasing?
    Mr. Beales. It certainly is in our complaints. We are 
seeing more and more Internet and less and less telephone. That 
is very much the trend, but it is hard to say how much of that 
is real and how much of that is the nature of complaints. 
Complaints are easier online, so for people who are online and 
where the contact is online, they may be more likely to file a 
complaint and that would change the relative proportions.
    There is clearly still a lot of telemarketing fraud out 
there, and we are bringing numerous telemarketing cases that go 
after those problems.
    The Chairman. Do you know if Internet fraud now exceeds the 
U.S. Mail service as a means of scamming people over 60?
    Mr. Beales. It certainly does as a means of the first 
contact in our complaints, and again, with the same caveat, 
that it is hard to tell how much of that is real and how much 
of it is complaints.
    The Chairman. President Bush signed anti-spam legislation 
last year. How is the fight against spam going at this moment?
    Mr. Beales. The fight against spam is going to be a long 
and difficult one. There is no single or easy solution 
unfortunately. We have brought already more than 60 cases under 
the FTC Act, challenging fraudulent and deceptive spam. We have 
numerous other investigations in the pipeline and will continue 
to devote a lot of resources to it.
    We are engaged in rulemakings to implement parts of that 
statute. We just published a broad advance notice of proposed 
rulemaking on the kinds of rules that might be necessary. We 
are also working closely with the criminal authorities to try 
to develop cases that may be appropriate for criminal 
prosecution under Can Spam. There is progress, and but it is 
slow and it is going to take time.
    Mr. Jevans. Mr. Chairman.
    The Chairman. Yes?
    Mr. Jevans. We have noticed that there has been some 
decrease in spam to the companies that launched major lawsuits 
a week or so ago. That would be Microsoft, AOL. Earthlink and 
Yahoo came together and launched quite a number of lawsuits. 
AOL has come out and said they have seen a decrease in the 
amount of spam. However, the overall amount of the spam on the 
Internet, which we are measuring on a daily basis, has not 
decreased.
    The Chairman. Is it increasing?
    Mr. Jevans. It continues to increase, and it may be just 
that it is moving away from those big entities who have a lot 
of legal muscle, and just moving out to everybody else.
    The Chairman. Thank you.
    Tanya, would you highlight for us the top three investment 
schemes that seniors seem to be drawn to and why?
    Ms. Solov. The top one is probably I would say the scheme 
where investors are asked to invest in a company that is just 
going public, and generally these are ``startup companies'' 
that usually deal with either technology or medicine. They are 
companies that are touting that they have the cure for cancer 
or for AIDS or other ailments. So that is probably the top scam 
that we are seeing.
    Second, we are seeing a tremendous number of scams 
involving real estate ventures. The public has heard that one 
segment of the economy that continues to grow and is doing 
really well is real estate. So the con artists have set up 
shops indicating that they are investing in real estate 
ventured.
    Third, I would say prime bank notes or foreign investments. 
Again, senior have heard the term--and other investors too--one 
must diversify. So they are encouraged to invest in foreign 
investments, foreign currencies and at companies that are 
allegedly investing in developing countries.
    The Chairman. David, who is liable if a consumer falls for 
a phishing attack and their information is stolen and misused?
    Mr. Jevans. Typically if it is a credit card that has been 
stolen, generally the consumer is protected under Regulation Z, 
and the bank typically or the merchant will be liable on the 
Internet, if it is using an Internet merchant, it would be the 
merchant. However, if a consumer's bank account information 
is----
    The Chairman. But right now we just heard Dave say that the 
theft of the identity is not punishable as much as what you use 
the identify for; is that correct?
    Mr. Nahmias. They are separate crimes and you can charge 
someone, but under the sentencing guidelines currently they 
merge for sentencing purposes so there is no additional 
penalty, and frankly, prosecutors often do not charge them 
because you have to prove more and you do not get any bank for 
your buck.
     The Chairman. I see.
    Go ahead, David.
    Mr. Jevans. Typically people are prosecuted under wire 
fraud, mail fraud, bank fraud. So if it is a credit card, the 
consumer is usually OK. It is usually the merchant who is 
liable. If it is a bank account that has been basically 
broached, legally in the United States it would be consumer who 
is liable because they have divulged their password to someone 
who is not the bank. However, fortunately, banks will make 
consumers whole, and in the rare case it happens, they will 
usually reimburse them.
    If a Social Security number is taken and loans are taken 
out against the consumer, if they can prove fraud they can 
usually get restitution, but that can be a long drawn-put 
process.
    The Chairman. David, I am going to ask you this last 
question, and you all may want to respond to it. We recently, 
at least within the last year and a half or two, saw a movie 
with Tom Hanks and Leonardo DiCaprio, in which Leonardo was the 
ultimate check-writing artist and ID scam artist. True story. 
He was ultimately caught by the FBI and their Check Fraud 
Division, and ultimately used by them to take down other check 
writers. You have just heard Mr. Groover this morning offer 
some suggestions. Obviously, he was talented enough at the time 
to take a lot of money out of ID theft and credit cards. You 
are apprehending people who are obviously very talented at what 
they do to access and to develop fraudulent documents and 
materials on the Internet. Are you using them? Are they willing 
to come forward after caught? Is their information and their 
knowledge a usable commodity? Do you solicit from them for 
information blocking the kind of scams that go forward, or are 
they simply stuck in a Federal pen and left there?
    Mr. Jevans. Regrettably, most of them have not been caught, 
particularly in the phishing side of things which is 
technologically advanced. We have established some 
communication with people. The ones who have been caught mostly 
have been amateurs. The more technical ones, there have been 
dialogs. We understand what they are doing. There appears to be 
correlation between what they are doing and virus writers. As 
we all know, catching virus writers is extremely difficult. 
There are rewards out of hundreds of thousands of dollars and 
nobody has been really caught yet.
    I thought that Mr. Groover had some very good points and 
some of those could definitely help.
    The Chairman. Did you take notes?
    Mr. Jevans. Absolutely, absolutely.
    The Chairman. Can you imagine going back to the office and 
saying, ``I have just gotten this information from a convicted 
felon?''
    Mr. Jevans. I will be. [Laughter.]
    The Chairman. All right.
    Mr. Jevans. I thought his idea about a pass key to your 
credit reporting information was definitely a good one and 
would not require wholesale re-engineering of that system. 
However, you do have the vulnerability that if you type that 
into a fraudulent website, that person has got it, so there are 
some technical things that need to be worked out there.
    The Chairman. Anyone else wish to react to that last 
comment or question? Howard?
    Mr. Beales. Senator, I think there is a delicate balance 
that the Congress worried very much about in re-authorizing the 
Fair Credit Reporting Act at the end of last year, between 
security of credit information, which is clearly important, and 
ease of access to credit on behalf of consumers who need 
credit. There really are some difficult tradeoffs there. I 
think there are a great many Americans who do not know they 
have a credit report, let alone able to remember the pass key 
that they would need to get into it----
    The Chairman. Until they are told----
    Mr. Beales. That is bad.
    Mr. Maxwell. Senator.
    The Chairman. Yes.
    Mr. Maxwell. To get right to the heart of what you said 
earlier, I did not have the pleasure of meeting Mr. DiCaprio, 
but I did meet Mr. Frank Abagnale, who was what the movie was 
based on.
    The Chairman. Yes.
    Mr. Maxwell. We invited him to speak at one of our fraud 
training symposiums, and a fascinating individual, as you would 
expect. He mentioned that he does one venture a year for the 
Federal Government to pay back what he had done to the country, 
because I engaged him in conversation and she shared that with 
me.
    We have videotaped telemarketing, people convicted of 
telemarketing cases, investment schemes, and we use them in our 
training effort. If David will forgive me, we also invite them 
to the defense bar sometimes, to come and help train our 
agents, so it is very valuable. Yes, I took notes as well.
    The Chairman. The criminal mind is usually a pretty bright 
mind.
    Mr. Maxwell. Yes, very much so.
    Mr. Nahmias. I would agree. We learn a lot from the people 
we catch. Usually our preference is both to have them 
incarcerated and to learn from them, rather than other 
alternates, but the Federal sentencing guideline system is set 
up to create great incentives for people to cooperate with the 
Government. The other thing I would say, is while I think Mr. 
Groover had some good ideas, I was pleased that some of the 
ideas he has such as interagency coordination to collect 
complaints are already in effect.
    The Chairman. I did see you smiling once there when he made 
that comment.
    Mr. Nahmias. It is nice to know that we are ahead of the 
criminals on some things, and really a lot of the credit for 
that goes to the FTC.
    The Chairman. Tanya, gentlemen, thank you all very much for 
your testimony today, as we continue to try to stay on top of 
this rapidly evolving issue. I oftentimes tell this story, and 
I will conclude with it.
    I have a mother-in-law who lives in a retirement community 
in Tucson. Five years ago there was a lovely pool room in that 
retirement community, and I walked by there with my father-in-
law, and nobody was using it. Two pool tables, the lights were 
out. I said, ``Nobody plays pool here?'' He said, ``Not 
really.'' At that time, and still today, my wife is much better 
on the Internet and with a computer than I, and she was 
teaching my father-in-law and mother-in-law to gain access to 
the Internet. They said, ``You ought to do this for the rest on 
this living group.'' That evolved into the taking out of the 
pool room and the putting in of a computer room. I think there 
are 12 terminals there now.
    I was down there recently. My father-in-law has since 
passed away, but my mother-in-law is still very active. Walked 
by there at about 10 o'clock one night in a community in where 
the average age is probably 78 to 80, and there were five 
people in there, talking to their grandchildren and their kids, 
and on eBay, so the world is changing very rapidly for that 
senior community. They were slow to come to the Internet, but 
they are now coming very rapidly, as I mentioned, and we are 
now encouraging them to go there, and certainly my generation 
of baby boomers, they are all going to be pretty computer 
literate when they get to that age. So what we do here now and 
the foundational work we do to catch the fraud and the criminal 
that will access them through the Internet, is I hope 
productive work.
    I thank you all very much for being with us this morning. 
The Special Committee will stand adjourned.
    [Whereupon, at 12:09 p.m., the Special Committee was 
adjourned.]

                                 
