[Senate Hearing 108-486]
[From the U.S. Government Publishing Office]
S. Hrg. 108-486
INTERNET FRAUD HITS SENIORS:
AS SENIORS VENTURE INTO THE WEB, THE FINANCIAL PREDATORS LURK AND TAKE
AIM
=======================================================================
HEARING
before the
SPECIAL COMMITTEE ON AGING
UNITED STATES SENATE
ONE HUNDRED EIGHTH CONGRESS
SECOND SESSION
__________
WASHINGTON, DC
__________
MARCH 23, 2004
__________
Serial No. 108-32
Printed for the use of the Special Committee on Aging
93-526 U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001
SPECIAL COMMITTEE ON AGING
LARRY CRAIG, Idaho, Chairman
RICHARD SHELBY, Alabama
SUSAN COLLINS, Maine
MIKE ENZI, Wyoming
GORDON SMITH, Oregon
JAMES M. TALENT, Missouri
PETER G. FITZGERALD, Illinois
ORRIN G. HATCH, Utah
ELIZABETH DOLE, North Carolina
TED STEVENS, Alaska
RICK SANTORUM, Pennsylvania

JOHN B. BREAUX, Louisiana, Ranking Member
HARRY REID, Nevada
HERB KOHL, Wisconsin
JAMES M. JEFFORDS, Vermont
RUSSELL D. FEINGOLD, Wisconsin
RON WYDEN, Oregon
BLANCHE L. LINCOLN, Arkansas
EVAN BAYH, Indiana
THOMAS R. CARPER, Delaware
DEBBIE STABENOW, Michigan

Lupe Wissel, Staff Director
Michelle Easton, Ranking Member Staff Director
C O N T E N T S
----------
Opening Statement of Senator Larry E. Craig
Statement of Senator Susan Collins
Panel I
Jeffrey Groover, inmate, Federal Correctional Institution, Yazoo City, MS
Panel II
Dave Nahmias, Deputy Assistant Attorney General, Criminal Division, Department of Justice, Washington, DC
Lawrence E. Maxwell, Assistant Chief Inspector, U.S. Postal Inspection Service, Washington, DC
J. Howard Beales, III, Director, Bureau of Consumer Protection, The Federal Trade Commission, Washington, DC
Tanya Solov, director of Securities, North American Securities Administrators Association, Chicago, IL
David Jevans, chairman, Anti-Phishing Working Group, Redwood City, CA
INTERNET FRAUD HITS SENIORS: AS SENIORS VENTURE INTO THE WEB, THE
FINANCIAL PREDATORS LURK AND TAKE AIM
----------
TUESDAY, MARCH 23, 2004
U.S. Senate,
Special Committee on Aging,
Washington, DC.
The committee met, pursuant to notice, at 10:34 a.m., in
room SD-628, Dirksen Senate Office Building, Hon. Larry E.
Craig (chairman of the committee) presiding.
Present: Senators Craig and Collins.
OPENING STATEMENT OF SENATOR LARRY CRAIG, CHAIRMAN
The Chairman. Good morning, everyone. The Special Committee
on Aging will be convened. The subject today, Internet Fraud
Hits Seniors: As Seniors Venture into the Web, the Financial
Predators Lurk and Take Aim. I would like to thank our
witnesses for joining us today on an issue of growing national
concern, the emerging use of the Internet to perpetuate fraud
against our nation's senior citizens.
According to a recent survey, those 65 years of age and
older are the fastest-growing group online, increasing their
presence on the Internet by 25 percent in 2003. As seniors go
online in record numbers, fraud perpetuated through the
Internet is dramatically on the rise. Thousands of Internet
fraud victims in 2002 were senior citizens and those numbers
nearly doubled in 2003. Seniors are also targeted in
disproportionate numbers by scams originating across borders
and overseas.
We know that the Internet offers a vast global marketplace
for consumers and businesses alike. Unfortunately, scam artists
also recognize the potential of the Internet for criminal
enterprises. The same scams that were once conducted by mail
and phone are now easily perpetuated through the Internet, and
new scams emerge every day. Criminals know that they can commit
fraud online in a faster and more cost-effective way. They also
know it is harder to get caught.
Therefore, to effectively fight this crime, it is critical
that the State and Federal law enforcement agencies work
closely together. In cases of Internet fraud committed across
borders, it is important for domestic law enforcement to work
effectively with their foreign counterparts. As part of this
hearing, I am pleased to announce a new public awareness
initiative with Federal agency partners to educate the senior
population on the new dangers of Internet fraud. The FTC is our
lead partner in this effort.
In conclusion, I also urge the law enforcement agencies
represented here today to be on the alert for Internet fraud
related to the new Medicare prescription drug discount card
program that this committee reviewed just a few weeks ago.
Although no Internet fraud reports have been reported as of
yet, we must remain ever-alert to new ventures or avenues of
criminal activity.
Before I introduce our first panel, let me turn to my
colleague Susan Collins who, through her committee, has already
done work in this area.
STATEMENT OF SENATOR SUSAN COLLINS
Senator Collins. Thank you very much, Mr. Chairman.
I am very pleased that you are holding this hearing today
on such an important issue. I have long been concerned about
the problem of Internet fraud, particularly those scams
targeting our elderly. The Internet is a phenomenal tool of
commerce and communication, but it also provides a powerful
tool to those who would use it for criminal purposes.
The Permanent Subcommittee on Investigations, which I
formerly chaired, held a series of hearings related to fraud
and the Internet. We began the series in 1998 with a hearing on
the very topic that we are addressing today, Internet scams and
how they affect consumers, particularly our senior citizens.
I recall saying at the time, this was 6 years ago, that 175
countries were connected to the Internet and approximately 50
million Americans were using the Web. I thought that was
astonishing at the time. Well, today, of course, that number
has grown to at least 203 countries and 165 million Americans
who regularly use the Internet to pay their bills, shop online,
or simply to search for information or communicate with their
friends and family.
There is no question that the Internet has been a boon for
business. The remarkable ease and speed with which transactions
can be conducted over the Internet have made the world a
smaller place. Consumers have the ability to engage in a
variety of commercial activities across State and even national
borders, including shopping, banking, and investing, all from
the comfort, privacy, and safety of their own homes. An
unfortunate corollary to this ease of access, however, is that
those who wish to use the Internet to defraud innocent people
can also work just as easily from the privacy, comfort, and
safety of their own homes, or anywhere else, for that matter.
Because the Internet can be used to transfer text, pictures,
music, as well as money, credit card numbers, and other
personal information, the potential for criminal use of the
Internet is infinite.
Corresponding to the explosive growth of the Internet, the
number of consumer complaints of Internet fraud to the Federal
Trade Commission continues to rise. Of the nearly 302,000 fraud
complaints filed last year, more than 166,000 people reported
that they had been victims of Internet-related fraud. That is
more than a doubling of the number of victims in the last three
years. The cost of this escalating fraud? Nearly $200 million,
including $12.8 million paid out by defrauded seniors, many of
whom are living on limited incomes. Those are only the ones who
actually took the time to file complaints with the FTC. The
real number is undoubtedly much higher.
Seniors can be especially vulnerable to Internet fraud.
Some of the very achievements that they have worked their whole
lives to attain contribute to this vulnerability. Many seniors
have strong credit records earned over years of faithfully
paying their bills on time. This good credit is being abused by
thieves who steal their credit card numbers to run up bills on
their accounts, or by others who promise huge returns on an
investment that never materializes.
Law enforcement officials know that almost any crime that
can be committed in the real world can also be committed in the
virtual world. In fact, the Internet allows criminals to target
their victims more quickly, less expensively, and with much
less chance of getting caught.
So again, Mr. Chairman, I salute you for undertaking this
effort. I think one of the most important things we can do for
our seniors is to educate them and alert them to the potential
for fraud. I know that has been the focus of your efforts as
chairman, and I salute you for that.
The Chairman. Senator, thank you very much for that
statement. Those facts, the statistics of access to and, now,
regular use of the Internet are really phenomenal and are still
moving by large numbers in this country.
Now let us move to our panelists and our first panel. Our
first panelist is Jeffrey Groover, a former Internet service
business owner and currently an inmate of the Federal
Corrections System, who will share with us his experience with
Internet fraud. I must tell you, Jeffrey, I am pleased that you
were willing to testify today and you were allowed to testify.
I think it is important for the record that we hear first-hand
from someone who has effectively used the Internet for criminal
activity.
Mr. Groover, since you will be testifying as to the facts
in a case that you have first-hand knowledge of, we need to
take your testimony under oath. Would you please stand and
raise your right hand.
Jeffrey Groover, do you solemnly swear that the testimony
you are about to give before the committee is the truth, the
whole truth and nothing but the truth, so help you God?
Mr. Groover. I do.
The Chairman. Please be seated. Again, we thank you for
your willingness to testify. Please proceed with your
testimony.
STATEMENT OF JEFFREY GROOVER, INMATE, FEDERAL CORRECTIONAL
INSTITUTION, YAZOO CITY, MS
Mr. Groover. Good morning, Mr. Chairman, distinguished
senators. Thank you. My name is Jeffrey Groover, and I would
like to thank you for the opportunity and privilege to speak to
the committee today.
I am 43-years old, I'm from West Palm Beach, FL. I have
worked in the computer networking and telecommunications fields
for the past 18 years. In 1996, I started a small Internet
service provider company that we sold in 1999; then I started a
telecommunications and Internet company.
During the following year, I found myself in financial
difficulties. The Internet bust had left me in a financial
crisis. I began to fraudulently obtain credit to keep my
business going and to support my former wife and two small
children. I was subsequently caught and convicted in Federal
court of unauthorized use of an access device. I was given a
substantial Federal prison sentence.
I stole the identities of a few individuals, including Mr.
Nelson Doubleday, a wealthy Florida resident and co-owner of
the New York Mets. The techniques are lengthy and technical.
However, all that I needed was your name and the approximate
area where you lived, and in a few hours I could obtain your
full name, your address, your date of birth, your Social
Security number, your wife's name, your previous address, and
any vehicles or property that you owned.
After applying online for a credit card in your name and
being approved within a few minutes, I would receive it in a
few weeks. Then I would run a complete credit report from any
one of the online credit reporting agencies and find out who
you had credit accounts with. From there, I could tap into your
bank account, providing that I had the right circumstances. I
did all this through the Internet.
Everyone is susceptible to this type of fraud. That is not
to scare everyone; that is just to make everyone aware that the
Internet is to be used with caution, especially senior Internet
users. With just a few small changes, it can also be a safer
place to do business as well as conduct credit and financial
transactions.
I came here to assist my country and in some small way to
find redemption for what I've done. I lost my home, my
business, my freedom, and most of all, my wife and children,
for what I did. The punishment is severe, and rest assured that
I will not do it again. However, that will not stop other
people from continuing to do this type of crime due to the ease
in which it can be done.
I believe, though, that I can provide you with some
recommendations that will stop a large portion of these crimes.
One recommendation is this: To require credit reporting
agencies to implement a pass-key system in order to access an
individual's credit report. This will save billions of dollars
each year in credit fraud done through the Internet or
otherwise. When an individual applies for credit, they must
enter their pass-key authorizing their credit file to be
accessed. If the pass-key is incorrect, then their file is
locked and further contact with the correct individual will be
necessary to unlock it. This will stop this type of fraud at
the inception.
Furthermore, procedures should be implemented to allow a
consumer to lock their credit file at their instruction from
anyone attempting to gain access to it. For instance, if they
go on vacation, away on business or an extended hospital stay,
at the time they need their credit report they would simply go
online and unlock their file. All this could be implemented
easily and without major changes to the credit reporting
agencies' system.
Although I do not have enough time here now to provide you
in great detail on how to prevent these types of crimes, my
knowledge and experience is available to you anytime.
I once again apologize to Mr. Doubleday and the other
victims and hope they will forgive me. I am happy to be of
assistance to you in this matter and will answer any questions
you may have, as well as make further recommendations to the
committee.
Thank you once again, Mr. Chairman and members of the
committee.
The Chairman. Well, Jeffrey, thank you for that testimony.
Again, I must say I do appreciate your willingness to come
before the committee this morning and speak as openly as you
have about your own actions, but also to offer up suggestions
as to how the Internet might be improved.
Can you state for the record the charges you were convicted
of and the time that you are currently serving?
Mr. Groover. Yes. It was Title 18, United States Code
Subsection 1029, unauthorized use of an access device. I was
sentenced to 46 months in Federal prison.
The Chairman. How was the law enforcement in Florida
finally able to catch up with you and your unlawful action on
the Internet?
Mr. Groover. Basically, Senator, law enforcement was able
to catch me because not only was I committing criminal
activity, I was raising a family and trying to keep a
legitimate business going. Had I only been focused on being a
criminal, they would have had a much tougher time catching me,
if at all. So basically what I am saying is that the people
that are doing this type of crime, if they are solely focused
on being criminal, then it is tougher to catch them. In my
case, I guess you could say no man's legs are long enough to
walk on both sides of the fence.
The Chairman. Well, that and, I am assuming by what you
just said, because you were staying in one location and not
moving around or attempting to in any way evade the law, did
that assist in their being able to catch you?
Mr. Groover. Yes, I would say so.
The Chairman. Why do you think the Internet is becoming the
weapon of choice in perpetuating financial crimes in this
country?
Mr. Groover. The ease of use and the Internet has become
ubiquitous throughout the world. So they can move around,
criminals can move around easily, and put up a Web site here or
do activity anywhere around the world on the Internet and they
can contact another individual or another piece of equipment
anywhere in the world.
The Chairman. In your situation, were the victims, like Mr.
Doubleday, compensated for their losses?
Mr. Groover. Well, I was ordered to pay restitution in the
amount of $271,902, and I've been making payments while in
prison. In general, the bank and credit card companies lost the
money, not as much the individual. I would like to state for
the record I was not targeting Mr. Doubleday because he was a
senior citizen. That just happened out of chance.
The Chairman. How much did calculations of the chances that
you would be caught play into your decision to commit Internet
fraud? I should say that in the backdrop, Jeffrey, of your
talent, your experience on the Internet coupled with what we
believe is a more difficult crime to catch people in. How did
that all fit into your particular action?
Mr. Groover. Well, it's kind of hard to look back at this
point, but I believe that I thought I would not get caught
because of my expertise in the computer and Internet field. I
didn't think that I would lose my family, my business, my
possessions. I didn't think I would be put in a human warehouse
a thousand miles from my home. I didn't think about all of
those things. So it's kind of hard to say what I was thinking
about at that time. Had I thought long and hard, I wouldn't
have done it.
The Chairman. Sure. You have mentioned at least one measure
and you spoke of possibly others. How would you advise law
enforcement in the pursuit of Internet criminals between
States. I say that because you said you stood still. If you
were intent on a criminal act and if you were operating, if I
can use the term, from a criminal mind, you said it would have
been much more difficult to catch you, or to catch someone like
you. What recommendations do you offer up to law enforcement?
Mr. Groover. That is correct. Actually, in explanation, I
initially started out trying to pay back the credit that I was
using, and I was paying some of it back. But it doesn't always
work out that way. So I did stay in one place.
What I would recommend to law enforcement is to set up an
Internet crime clearinghouse to coordinate efforts between
agencies; to set up an online Internet crime information center
where citizens can find out about companies and people that are
doing crime on the Internet. The object is, is to keep the
criminals running and moving without giving them an opportunity
to stay in one place and create large amounts of these frauds
that are going on.
The Chairman. For a young person to be active on the
Internet and have certain skills is one thing; for senior
citizens who have never ventured on and are now venturing on in
great numbers, as both myself and Senator Collins mentioned,
what can senior citizens learn from your case of Internet
fraud?
Mr. Groover. They should learn the following. Deal with
reputable companies. Don't give out personal information over
the Internet, such as Social Security numbers and birth dates.
When in doubt, check out the company. If you can't reach them
by phone, they don't publish a physical address on their Web
site, they don't exist. Report fraudulent activity right away,
and follow up on it. Don't open suspicious e-mail messages or
attachments. If you think someone has stolen your identity,
immediately inform in writing the credit bureaus, all of your
creditors, including credit card companies, and make sure that
you state that no credit is to be issued unless you are
contacted first.
Also, take a class on Internet use and join a users group
in your area, and learn how to share and exchange ideas and
information the way it was meant to be done.
If there is any benefit from what I've recommended, let it
be that I have helped people to become empowered to protect
themselves better from these types of crimes.
The Chairman. Well, Jeffrey, thank you very much for those
suggestions. Now let me turn to my colleague Senator Collins
for questions she might ask.
Senator Collins. Thank you, Mr. Chairman.
Do you think that you would have been able to commit the
financial crimes that you did engage in were it not for the
Internet? Prior to the Internet, would you have been able to
get access to the information that you needed to steal other
people's identities and then use their credit?
Mr. Groover. No, Senator.
Senator Collins. So this is a crime that you would not have
been able to even conduct were it not for the Internet?
Mr. Groover. Correct.
Senator Collins. One of the problems of identity theft for
the victims is that often it takes them a great deal of time to
realize that they are victims of identity theft, and by that
time, hundreds of thousands of dollars can be charged to their
credit cards. How did your victims discover that you had stolen
their identities?
Mr. Groover. That I'm not exactly clear on, but I would
imagine that they probably got a call from a credit card
company of some sort and--asking them about a particular charge
or something of that nature.
Senator Collins. Do you have any other specific
recommendations for us on how individuals can protect
themselves or what procedures banks or other sources of credit
could put in place to help prevent Internet thefts?
Mr. Groover. Yes, I do. The first one would be to request a
pass code to be used for all online credit card transactions,
different from a PIN.
Senator Collins. What do you mean by a pass code, exactly?
Mr. Groover. Like a word or a phrase or something like
that, or even a long number, that would be used that would
verify that you are actually the person that is the owner of
that credit card. For example, right now if you drop your
credit card outside and someone picks it up, they can go right
online and start using it. Without--with a code that they would
have to use that would be verified in the automatic
verification system, they would be required to enter that code,
and if they didn't have that code, the transaction would be
declined.
Senator Collins. Are there any other recommendations you
would like to share with us?
Mr. Groover. To require all merchants to have their credit
cards processed by a U.S. bank and not done offshore. This
would prohibit some of the scams that are going on right now in
which they are running up let's say $150--or under a ceiling of
$150 or $180 in each transaction, and when it's offshore, they
don't have to get a clearing for that transaction, and are
guaranteed payment. So when it is done offshore, they are going
to get their money no matter what, the criminal is, whereas
when it's done by--it's processed by a U.S. bank, the credit
card companies don't lose anything and neither does the credit
card holder.
Senator Collins. Thank you very much. Thank you, Mr.
Chairman.
The Chairman. Well, Jeffrey, we thank you very much again
for your willingness to testify, your openness and your
candidness as to what we might do to assist in stopping either
the criminal or, obviously, someone who finds themselves in a
situation, as you did, where you acted in a criminal way to
assist yourself. So we do appreciate that very much, and we can
ask you to stand down. Thank you.
Mr. Groover. Thank you.
The Chairman. We would ask our second panel to come
forward, please.
Good morning, everyone. We appreciate our second panel
being with us. Let me introduce them to the committee.
David Nahmias, Deputy Assistant Attorney General for the
Department of Justice, Criminal Division; Lawrence E. Maxwell,
Assistant Chief Inspector for the U.S. Postal Inspection
Service; Howard Beales, Director of the Bureau of Consumer
Protection for the Federal Trade Commission; Tanya Solov from
the Chicago Secretary of State's Office, representing the North
American Securities Administrators Association; and Dave
Jevans.
Mr. Jevans. Jevans.
The Chairman. Jevans, like Evans.
Mr. Jevans. Just like Evans, but with a J.
The Chairman. All right. Thank you. Chairman of the Anti--
this is a fascinating term, Senator--Phishing Working Group,
who is working closely with the finance and e-commerce industry
on Internet crime. In this instance, ``phishing'' is
pronounced--or spelled p-h-i-s-h-i-n-g. David, be willing and
able to explain yourself on that one. All right? Fine.
Dave, we will start with you. Please proceed.
STATEMENT OF DAVE NAHMIAS, DEPUTY ASSISTANT ATTORNEY GENERAL,
CRIMINAL DIVISION, DEPARTMENT OF JUSTICE, WASHINGTON, DC
Mr. Nahmias. Good morning, Mr. Chairman. I am pleased to
have this opportunity to appear before this committee and
discuss what the Department of Justice is doing to combat
Internet fraud, with particular regard to its impact on senior
citizens. I have submitted written testimony for the record,
which I will briefly summarize now.
As Howard Beales of the Federal Trade Commission can
discuss in more detail, Internet use by all demographic groups,
including seniors, continues to increase rapidly.
Unfortunately, Internet crime is increasing even more rapidly,
with both Internet fraud complaints and identity theft
complaints filed with the FTC tripling in the past 3 years.
Scams ranging from bogus investment deals to schemes that
exploit online auction sites are widely prevalent on the
Internet and pose serious risks to the financial well being of
senior citizens and other Internet users.
The Department of Justice and our law enforcement and
regulatory partners take these trends very seriously, and we
have devised a number of responses that includes an aggressive
program of criminal enforcement. Last year, for example, the
Department spearheaded two nationwide takedowns of prosecutions
directed at online economic crime. Operation E-Con, announced
in May 2003, and operation Cyber Sweep, announced in November
of last year, involved the combined total of more than 215
criminal investigations directed at schemes that victimized
more than 214,000 people out of more than $276 million. These
operations resulted in the arrest or conviction of more than
255 people, including more than 70 indictments stemming just
from Operation Cyber Sweep in November.
These two takedowns included prosecutions of large-scale
Internet fraud schemes involving bogus investments, phishing
and other identity theft schemes, fraudulent online
pharmaceutical sales, and other cases in which senior citizens
and others were at risk of loss or harm. In Operation E-Con,
for example, one case successfully prosecuted by the U.S.
Attorney's Office for the Eastern District of California
involved an online Ponzi scheme known as the Tri-West
Investment Club, which took in nearly $60 million from 15,000
investors worldwide. Another online Ponzi scheme that Operation
E-Con shut down defrauded more than $8 million from 23,000
investors.
These online investment frauds are of particular concern
for seniors, who seek financial information online more than
any other group of Internet users and who typically have more
assets to lose and less opportunity to recover from losses.
The Federal courts generally appear to be handing down
significant sentences for these offenses. For example, in one
case of phishing that the U.S. Attorney's Office for the
Eastern District of Virginia prosecuted as part of our
Operation Cyber Sweep, the lead defendant received 46 months
imprisonment and her confederate was sentenced to 37 months in
prison.
In another Cyber Sweep identity theft and fraud case
prosecuted by the U.S. Attorney's Office for the Southern
District of New York, one defendant, who with his co-
conspirators had stolen banking and pedigree information which
they then used to open PayPal accounts and fund those accounts
by direct transfers from victim bank accounts, received 30
months imprisonment. A codefendant is awaiting sentencing. All
those sentences, of course, in the Federal system are without
parole.
Currently there are several Federal sentencing guideline
enhancements that may enable prosecutors to seek higher
sentences in fraud cases where senior citizens are victimized.
But these enhancements sometimes do not capture the full harm
done, especially by identity theft. The administration,
therefore, has supported the Identity Theft Penalty Enhancement
Act, S. 153, which would create a new offense of aggravated
identity theft to ensure a minimum 2-year sentence enhancement
in a variety of serious fraud-related offenses and would expand
the scope of the existing identity theft statute, 18 U.S.C.
Section 1028(a)(7). The Senate has passed that bill, and this
morning one of my colleagues from the Criminal Division is
testifying before a subcommittee of the House Judiciary
Committee in support of the House version of that act.
The successes that we have had to date against online fraud
would not have been possible without support from and close
coordination with many law enforcement and regulatory partners.
I am pleased to say that the FTC, through its outstanding
Consumer Sentinel data base of consumer complaints and its
enforcement efforts, has been a valued partner in the takedowns
I discussed, along with the Postal Inspection Service, the FBI,
the U.S. Secret Service, the Bureau of Immigration and Customs
Enforcement, and other Federal, State, and local agencies.
We also work closely with foreign governments, such as
Canada and Nigeria, and with private sector groups such as the
Anti-Phishing Working Group.
Finally, training our prosecutors and investigative agents
about Internet fraud and educating the public about how to
prevent and avoid Internet fraud are key pieces of our overall
enforcement strategy.
Mr. Chairman, that concludes my opening remarks. I would be
happy to take questions from the committee now or after all the
witnesses on this panel have testified, as you prefer.
[The prepared statement of Mr. Nahmias follows:]
[GRAPHIC] [TIFF OMITTED] T3526.001 through T3526.016
The Chairman. Thank you, Dave. We will ask questions,
either individually or collective, of all of you after the
testimony is given. Now let me turn to Lawrence Maxwell,
Assistant Chief Inspector, U.S. Postal Inspection Service.
STATEMENT OF LAWRENCE E. MAXWELL, ASSISTANT CHIEF INSPECTOR,
U.S. POSTAL INSPECTION SERVICE, WASHINGTON, DC
Mr. Maxwell. Thank you, Mr. Chairman. I appreciate
appearing before you, particularly on this very timely and
important matter.
I have submitted some lengthy comments comprehensive with----
The Chairman. All of those become a part of the record.
Thank you.
Mr. Maxwell. Great. I will summarize those here briefly.
This has become more of a concern. In my formative years as
an agent, certainly we saw a lot of victimization of elderly in
telemarketing and boiler rooms. Back in the years I worked in
New York, we investigated many, saw a lot of potential happy
lives ruined. As this evolved, today, now with the Internet, as
you have just heard, things have become a lot more of concern,
with the speed of the Internet and the ease of it. Where I
previously worried about the generation before me, now, as I
approach those years, I am starting to worry about myself as
well and my generation. We face the same issues.
The Inspection Service enters in--I will just briefly give
you a history. We mirror the long, colorful history of the
United States. We were formed by Benjamin Franklin. We were
formed to protect the Postal Service and, as it turned out, we
were the only Federal agents at the time that could serve in
the hinterland protecting mail shipments, anything of secure
value. Of course, we have had a colorful history battling stage
coach robberies and train robberies.
As we came into the modern era, the inspectors became very
much involved, in their continued fight to protect the Postal
System's carriers from robbery attack, but we also have a
reputation for protecting the consumer. That is equally
important, as initially all correspondence, all communications,
all business was conducted via the mail.
So Congress in the 1870's enacted the Mail Fraud statute,
which today remains favored by prosecutors. It is a tremendous
statute, has great potential even in this modern era. In fact,
it was not until a hundred years after its enactment that it
was even modified. That was not to give it more teeth, it was
actually to give it more reach. In 1994, I believe, with the
crime act, it was modified to extend to private couriers. So it
still remains a very viable weapon in our arsenal.
As I said, our focus continues to be to protect the
American consumer. We pride ourselves in that. We reach every
home in America, every business in America with delivery. We
have a profound responsibility to the American public.
Our fraud program consists primarily of about 300
inspectors. We are 1,900 strong; we are one of the smaller
Federal agencies. We are funded purely through the Postal
Service, so we have a little room for growth, but we have to
learn to do things smartly and we have to find creative ways to
help us in that quest.
Our arrest statistics throughout my career have pretty much
stayed on par with what they were in prior years. We
investigate roughly 3,000 or 4,000 fraud cases a year of all
different types, primarily investment schemes, advance fee
schemes. Of course now we are venturing into identity theft. As
you just heard it is the fastest-growing crime in America. We
make about 10,000 arrests a year.
What we do not pride ourselves on is the concept more-is-
better in terms of arrest. What we have learned, and this is
almost heresy coming from a law enforcement officer, but what
we have learned is the less arrests we can make, as long as we
prevent the crime, fewer people are hurt. That is where our
focus has been. I know Senator Collins is aware of this from
prior campaigns we have conducted. I will just give you an
example.
Some of the cases we have had in mail fraud--and we have
had cases resulting in, just last year, $2 billion in court-
ordered restitution to consumers that were victimized in
fraud--we forfeited $36 million. We put our forfeiture funds
back into our fight against crime, much of which goes to our
prevention efforts. But through some creativity several years
ago, creativity and vision by a U.S. attorney and by the Postal
Inspector agents, they approached us about formulating a
special account with funds earmarked for fighting fraud, the
thought being fraud is the one crime you can actually educate
someone to protect themselves. We bought into that concept in a
considerable way, and I still believe very strongly in fraud
prevention through consumer education.
As you consider the Internet and the senior citizens now
venturing on the Internet--and I read some studies where Direct
Mail quoted 75 percent of homes in America now have Internet
access, which sounds high to me but certainly not shocking. As
more people venture onto the Internet, the seniors that go on,
certainly if they are smart enough to navigate the Internet,
they are smart enough to be educated and taught how to protect
themselves.
As I said before, what is old is new today. So what is new
on the Internet really is not new. We just have to teach people
to find ways to see fraud as they encounter electronically. The
Internet is a lot faster than the written word or mail
solicitation.
What we have done is, of course, to partner. You have heard
in prior testimony, Operation Cyber Sweep. We were proud to be
part of that. Project kNOw Fraud in 1999, with our friends from
FTC, probably our strongest partners in this fight. They are
very consumer-oriented, we share our databases, we try to go to
that concept of one-stop shopping for the victim, because in kNOw
Fraud we learned that most consumers do not know where to
complain. It is kind of tragic that, you know, you have all of
these complaints, or possibly good criminal intelligence, and
we are not made aware of it.
Just last year, in the National Fraud Against Senior Fraud
Awareness Week, which was a result of our approaching Senator
Collins and Senator Levin who passed a resolution declaring
Senior Fraud Awareness Week then conducted a campaign using
literature which I have put outside the hearing room, which is
very effective. I applaud your efforts for that support and
hope to see more of these cooperative initiatives in the
future. Any time you have an event of that media attention and
public information, it is a great way to get the word out. It
is a way of reaching people.
What we have done with several of the cases that I
mentioned earlier, monies coming from forfeitures and fines
were directed by the court and by the U.S. attorney, in
agreement with us, to put into this special consumer protection
fund. Those are the monies that we have used for Project kNOw
Fraud, which I mentioned earlier, for our campaign around the
senior fraud awareness week. We are also applying it--again,
with identity theft, we have a tremendous potential with the
Internet, both with ``phishing'' and ``spoofing'', as I think
will be covered in greater depth later. We have had several
cases which involve identity theft. It is not only, as you
mentioned in the first testimony, when people become aware, it
is how long it takes to correct the problem. For example, one
in their golden years certainly do not need that torment as
they go on through the last decades of their life.
We did produce a professionally done DVD video, which is
about 12 minutes in length. We have a number of them outside.
If you have not seen it, I would encourage you to view it. It
is very well done, if I say so myself, but we had some
professionals help. It presents in a very short way but a
dramatic way what you should look for to protect against
identity theft. It leaves you with an impact.
What I would leave the panel and certainly open up to
questioning is my view on this education and prevention remains
strong. If there is a way to funnel funding for agencies to
continue this, either through fines, perhaps through
forfeiture, I would welcome that and certainly be happy to work
toward that effort. There are other powers we probably could
use that might help on the Internet. It is a little more of a
difficult problem than what we faced with the West African 419
letter, for instance. Those were actual tangible letters. We
seized about 5 million of them after we reached agreement with
the countries of Nigeria and Ghana, and we were able to destroy
them before they did the damage.
However, what happened, was when they realized we were
stopping them from getting their pitch to their victims, they
moved onto the Internet. That is a little tougher challenge for
us. So we have some thoughts on that, but anything you or the
committee could recommend would be greatly welcomed by us.
I thank you for your time.
[The prepared statement of Mr. Maxwell follows:]
[GRAPHIC] [TIFF OMITTED] T3526.017 through T3526.033
The Chairman. Lawrence, thank you very much for your
testimony. Now let us turn to Howard Beales, Director of the
Bureau of Consumer Protection for the Federal Trade Commission.
Howard, welcome to the committee.
STATEMENT OF J. HOWARD BEALES, III, DIRECTOR, BUREAU OF
CONSUMER PROTECTION, THE FEDERAL TRADE COMMISSION, WASHINGTON,
DC
Mr. Beales. Thank you, Mr. Chairman, and thank you, Senator
Collins. I look forward to this opportunity to provide our
testimony about Internet fraud and its effect on senior
citizens.
The Internet is one of the most revolutionary marketing and
communications tools that we have seen in a long time and it
plays an increasingly central role in consumers' lives.
Unfortunately, as consumers have turned to the Internet, so too
have scam artists. Last year, for the first time, Internet-
related fraud complaints exceeded other fraud complaints,
comprising 55 percent of all fraud complaints. It was also the
first year in which consumers reported that the Internet
outstripped the telephone as the point of their first contact
with the fraudulent scheme.
However, Internet fraud does not yet appear to be affecting
seniors age 60 and over as much as other age groups. During
2003, only 28 percent of the complaints from seniors concerned
Internet-related fraud, and only 6 percent of the Internet-
related fraud complaints from all consumers came from seniors.
Moreover, seniors continue to report that their first contact
with scammers came predominantly by telephone. In our
experience, Internet scams generally do not target the elderly
as a specific group, but they seek consumer victims regardless
of demographic criteria.
Nonetheless, Internet scams that cause significant
financial injury can be particularly devastating to seniors,
many of whom live on limited or fixed incomes. Scams that
facilitate identity theft are of particular concern. ID theft
strikes all segments of the population, and it is not
surprising to find that older Americans are also targets of
this crime.
Although consumers who are age 60 or over are no more
likely to become victims of identity theft, the crime appears
to affect them in distinct ways. For example, while 33 percent
of all consumers who filed ID theft reports experienced some
sort of credit card fraud, 44 percent of those 60 or older were
victims of credit card fraud. A greater percentage of older
Americans reported ID theft attempts to the FTC than did the
general population.
Under our civil law enforcement authority, the FTC has
brought actions to stop practices that involve or facilitate
identity theft. Our cases have attacked pretexting, where
scammers use false pretenses to obtain consumers' confidential
financial information. We have also attacked phishing, where
criminals use spam to trick consumers into revealing
confidential payment information. These schemes use Web sites
that appear identical to the sites of legitimate companies with
whom consumers do business, and they ask consumers to update or
validate their information. In fact, just yesterday the FTC and
the Department of Justice announced a joint law enforcement
initiative that shut down a phishing scheme.
Last year, auction fraud accounted for nearly half of all
Internet-related fraud complaints consumers reported to the
FTC. Among consumers age 60 and over, it was 29 percent of all
Internet-related complaints and ranked third in the top 15
product or service complaints reported by consumers. In light
of this data, the Commission launched Operation Bidder Beware,
an enforcement sweep targeting Internet auction scams. The
sweep combined the efforts of the FTC, 29 participating State
attorneys general, and numerous local law enforcers. Working
together, we brought more than 50 criminal and civil
enforcement actions against various Internet auction scams. We
also kicked off an extensive Federal-State consumer education
campaign featuring a dedicated Web page with information on how
to avoid auction fraud.
Another source of misleading Internet promotions is
products or services that promise to cure or treat serious
diseases or conditions such as cancer, heart disease,
arthritis, and diabetes. Older consumers constitute a large
part of the market for health-related services and remain
vulnerable to misleading claims and fraudulent practices.
To address these problems, we launched Operation Cure-All,
a coordinated FTC, law enforcement, and consumer and business
education initiative with a bilingual Web site. Last month, the
FTC announced a final order banning a Canadian company from
offering a sham cancer therapy on its Internet Web site which
referred U.S. citizens to the company's clinic in Tijuana,
Mexico, a true North American free fraud.
One of the problems in prosecuting Internet fraud is that
the Internet knows no boundaries, and cross-border fraud on the
Internet is a serious problem. In 2003, 47 percent of cross-
border complaints involved the Internet, up from 33 percent the
year before. To date, the Commission has had foreign targets in
over 60 cases and pursued assets offshore in more than 10
foreign countries. To enhance our ability to pursue these
cases, the Commission has recommended a package of legislative
changes that will facilitate cooperation with foreign law
enforcement authorities. Unless we can build stronger
enforcement cooperation across borders, more and more Americans
will fall victim to imported fraud.
Internet fraud causes significant injury to consumers and
harms public confidence in the Internet as an emerging
marketplace. The FTC will continue to combat Internet fraud
through aggressive law enforcement and consumer education. To
date, the Commission has brought 319 Internet enforcement
cases. Because prevention is often the best medicine, the FTC
takes an active role in educating consumers about Internet
scams. We have developed publications, launched dedicated Web
pages, and worked with numerous Federal agencies and private
sector partners to develop and disseminate plain-language
consumer education materials in English and Spanish to protect
all consumers, including seniors, from Internet fraud.
We will continue that effort and we look forward to working
with you and the committee on the combating senior fraud
initiative.
Thank you, and I look forward to your questions.
[The prepared statement of Mr. Beales follows:]
[GRAPHIC] [TIFF OMITTED] T3526.034 through T3526.054
The Chairman. Howard, thank you very much.
Now let us turn to Tanya Solov from the Chicago Secretary
of State's Office, representing the National American
Securities Administrators Association. Tanya, welcome to the
committee.
STATEMENT OF TANYA SOLOV, DIRECTOR OF SECURITIES, NORTH
AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION, CHICAGO, IL
Ms. Solov. Thank you very much. I am honored to have the
opportunity to appear before you to present the States' views
on protecting senior citizens against investment fraud on the
Internet.
As the securities director for the State of Illinois, I
interact with elderly investors who approach me at senior
investor education events or call my office with complaints of
fraud. My office works with criminal authorities to prosecute
companies and individuals who commit crimes against seniors,
and bring civil actions for injunctions and restitution. We
also educate seniors through publications, videos, and
seminars.
In a perfect storm, a number of significant events come
together to create a devastating impact. State securities
regulators are deeply concerned that a perfect storm for
investment fraud is brewing, and our nation's 35 million
seniors are most at risk. These days, seniors are seeking
higher returns than those offered by certificates of deposit
and other traditional income-generating investments. The
collapse of the bubble economy and rising costs for medical
insurance, prescription drugs, and basic living expenses have
driven seniors to the Internet in search of alternative
investments.
Most seniors do not randomly surf the Internet looking for
a place to put their savings. Instead, they use the Internet as
a reference tool based on a solicitation or information they
have received from a friend or an associate or during a free
seminar. Others may just happen upon an investment Web site, or
they are recipients of unsolicited e-mail solicitation, many of
them touting penny stocks, real estate, or oil and gas
ventures.
The Internet has made it simple for a con artist to reach
millions of potential victims at minimal cost. Investment scam
artists do not have to spend money setting up boiler rooms,
making phone calls, or sending mailings. They can quickly set
up Web sites targeting investors with scams involving prime
bank notes, viatical settlements, foreign ventures, and Ponzi
schemes.
Fraud can be especially damaging for older investors
because their portfolios have less time to recover. Often,
older victims do not report crimes because they do not want
people to know they have lost money or made an unsound
investment. Also, they do not know how or where to complain.
So what can be done to combat Internet fraud? State
securities regulators believe in combining enforcement efforts
and financial education as the dual approach to protect
investors. Seniors and all investors should always call their
State securities regulator if they suspect an investment fraud.
State regulators can tell the public whether or not the
investment is registered in that State, whether the salesperson
is licensed to do business, and whether or not there is any
disciplinary history associated with the salesperson or
company.
A list of regulators is available on the North American
Securities Administrators Web site at www.nasaa.org.
In addition to education, State regulators are engaging in
vigorous enforcement against Internet con artists. My
colleague, Kansas Securities Commissioner Chris Biggs, recently
announced that an investment scam promoted over the Internet
resulted in a prison sentence of 44 months for the perpetrator
and--fortunately in that case--a return of most of the
investors' money. In that particular case, the fraudster was
using the Internet and direct mail to solicit investors for a
company called Venture Capital Investments. He guaranteed a
high return and claimed that the investments were FDIC insured.
In only 5 weeks, the fraudster raised about $85,000 from 30
investors. We brought a poster showing the Web site that was
used in that particular scam. It is off to my right there. So
it does look like a legitimate Web site, with frequently asked
questions and other points there. That is what the seniors were
directed to.
In my own State of Illinois, seniors and other investors
were solicited to send small sums of money, in some instances
as little as $100, to put into an entity that claimed to invest
in developing countries. In the end, the scam collected over
$20 million. Because the con artist in that case spent most of
his investment locally, many of his purchases were seized,
forfeited, and sold. The investors who applied for restitution
received their money back, and the scamster and 12 other
defendants were sent to prison.
State securities administrators are pursuing similar cases
across the country and they are also participating in a senior
outreach initiative that is designed to educate seniors to
protect themselves from investment fraud. A highlight of this
initiative is the Senior Investor Resource Center, which is
sponsored by NASAA. The NASAA senior resource Web site includes
commonsense solutions to protect assets from investment fraud
and links to a variety of investor education publications and
programs offered by State securities regulators and others to
assist seniors. The Web site also includes a checklist of
questions seniors should ask before making an investment
decision, and information about the current top fraud.
In conclusion, I would like to say that investment fraud
against seniors is increasing at an alarming rate. Seniors and
all investors need more, not fewer, cops on the securities
beat. This committee's examination of Internet fraud as it
affects the growing online senior population is an important
step in highlighting the problem and working toward a solution.
My office and other State securities administrators will
continue to play an active role in protecting seniors
regardless of whether a large multimillion-dollar scam is
involved or a single defrauded investor.
I thank you and your committee for allowing me the
opportunity to appear today. I look forward to answering any
questions that you may have.
Now in final conclusion, we do have a 30-second public
service announcement that I was hoping to show regarding
Internet fraud.
The Chairman. Sure. Let us hear it.
Ms. Solov. Thank you.
[The prepared statement of Ms. Solov follows:]
[GRAPHIC] [TIFF OMITTED] T3526.055 through T3526.059
The Chairman. Thank you. Well done. Directly to the point.
Now let us turn to our last panelist this morning, David
Jevans--I am working at it, David--the chairman of the Anti-
Phishing Working Group, who is working closely with the finance
and e-commerce industry on Internet crime. David, welcome to
the committee.
STATEMENT OF DAVID JEVANS, CHAIRMAN, ANTI-PHISHING WORKING
GROUP, REDWOOD CITY, CA
Mr. Jevans. Thank you, Mr. Chairman.
I have been asked today to provide some insight on the
problem of e-mail phishing, its impact on senior citizens as
they get online and increase their use of the Internet.
First, I would like to start out with a definition of
phishing.
The Chairman. Thank you. [Laughter.]
Mr. Jevans. Then I will address the spelling.
The Chairman. All right.
Mr. Jevans. ``Phishing'' is a hacker term for a particular
type of e-mail fraud. The fraud is perpetrated by scammers and
spammers. Typically, a spam is sent to random users on the
Internet pretending to be from a legitimate bank, Internet
service provider, e-commerce company, or Government agency.
This e-mail looks exactly like an e-mail that you would expect
to receive, complete with e-mail address, logo, and other
branding elements of the legitimate Web site. However, the e-
mail is not really from who it says it is from. It is from a
fraudster. They are luring the consumer to a fake Web site in
order to trick them into revealing their credit card details,
bank account information, online banking password, or other
personal identity information.
I would like to show some black-and-white printouts of some
screen shots of phishing sites and illustrate how realistic
they are.
First, you will see here an e-mail that appears to come
from eBay. It has the logos. I have circled some elements here.
At the top it will have a spoofed e-mail address. So it says it
is from Secret Service at ebay.com. It will have the logo. It
will have links that claim to be from eBay--they say go to eBay
billing center. However, they are actually disguised links to
some other Web site.
When you click on those links, you will be brought to a Web
site that looks just like, for example in this case, the eBay
site. You will see the logo, you will see requests for
sensitive information, such as your user ID and password. Many
times you will see other information being requested, such as
your credit card information, your address, and in this case,
your ATM PIN code.
Here is one that is a little more nefarious. This is from a
major bank. What they have done here is, in the main window,
they take you to the real bank Web site. You can see it at the
top there. That is the Web site of the real bank. However,
there is a pop-up window asking you to log in with your card
number and your password and expiration. If you type that
information into that window, it goes to a server in Russia.
Banks and e-commerce companies are not the only targets.
Here is one from a major Internet service provider, AT&T. The
fraudster is using their logo and claiming that you have to
update your credit card information to continue to keep your
account active.
Last summer, the FBI termed phishing the hottest and most
troubling new scam on the Internet. Indeed, reports of phishing
attacks jumped over 400 percent during the 2003 Christmas
holiday season, according to the most recent analysis by the
Anti-Phishing Working Group. Worse, the increasing realism of
these phishing messages, including logos and professionally
designed forms for entering credit card information and bank
account data, have made them ever more successful. The average
positive response rate is between 1 and 5 percent for the
people who receive them.
Phishing attacks are also increasing in frequency, scope,
and sophistication. Recently, Citigroup, Lloyds TSB, Barclays
Bank have all been subject to phishing attacks that spoofed
their identities in pursuit of customer account, debit and
credit card data. Within the last year, Wachovia Bank, Bank of
America, US Bank, Bank of Montreal, Westpac Bank, and ANZ Bank
of Australia have all been hit by phishing scams. Although
financial service firms were obvious initial targets for
phishing attacks, adept identity thieves have expanded their
phishing operations to exploit a number of Internet consumer
brands and Government agencies, including Yahoo!, eBay, PayPal,
Monster.com, Bestbuy.com, Microsoft MSN, and even the FDIC.
The term ``phishing'' comes from the analogy that Internet
scammers are using e-mail lures to fish for passwords and
financial data from the sea of Internet users. Now, it is
spelled with a ph instead of an f. Ph is a common hacker
replacement for an f, and it is a nod to the original hacking,
really, from the early 1970's known as phone phreaking. In
fact, it is the origin of a lot of ph-spelling used in many hacker
pseudonyms and hacker organizations.
Phishing scams are of particular concern to the senior
community. A recent survey by Nielsen/NetRatings indicates that
those 65 and older are the fastest-growing group online, and
they are increasing their presence on the Internet by 25
percent in 2003. These consumers are new to the Internet and,
as such, are not educated about the dangers of phishing fraud.
Another significant demographic fact is that persons over
the age of 50 control at least 70 percent of the nation's
household net worth. It is estimated that the elderly will
control approximately $10 trillion in assets within the next 10
years. Because phishing is a financial crime, seniors make
particularly appealing targets. Fortunately, it is still
difficult for phishers to target seniors specifically. However,
there are e-mail data bases available on the Internet that are
used by spammers for sending spam. These data bases often do
categorize e-mail addresses by the interests of each consumer.
Thus, it is feasible for a phisher to obtain or derive a list
of e-mail addresses that could be used for more targeted
attacks.
The senior population make appealing targets, and should be
particularly careful of phishing attacks because they
potentially have the most to lose. If a banking or investment
account were to be compromised, the phisher would have access
to significant assets. Also, if personal identity information,
such as a Social Security number, is obtained by a phisher, the
criminal can apply for bank loans or credit cards using the
identity of the consumer. Because many seniors have good credit
ratings and more sizable assets, the phishers will be able to
obtain larger loans and credit limits.
I recommend that consumers exercise caution when they
receive any e-mail that requests personal identity or financial
information. Any e-mail that takes you to a Web site that
requests such information should also be inspected carefully.
Because the sender can be faked in e-mail, consumers cannot
trust that an e-mail was sent to them from their bank, ISP, or
e-commerce site just by looking at the From field of the e-
mail.
I would like to share a few recommendations for consumers
to protect themselves.
First, examine the Web address or URL of any Web page you
are taken to by an e-mail. If that Web page does not match the
Web address you are used to, be very suspicious.
In my experience, I have almost never seen a legitimate
reason for a Web site to ask for a Social Security number. Any
site that asks for this information should be regarded with
great suspicion.
Similarly, there is no reason for any site to request your
ATM PIN or password. Any site that requests this is fraudulent.
If you receive an e-mail purporting to be from a company,
bank, or even Government agency that you do not do business
with, and this e-mail requests personal identity or financial
information, be extremely suspicious. There have been instances
in recent months where e-mails were sent out purporting to be
from the FDIC or Regulations.gov Government agencies. These e-
mails have used scare tactics to frighten consumers into
divulging personal information.
Consumers should always use anti-virus software and keep it
up to date. You should also do weekly scans of your computer
for viruses or Trojans.
My last tip is consumers should also keep their computer
software up-to-date with the latest updates from Microsoft.
There are new updates issued by Microsoft every week or two,
and they are usually to fix new security problems that phishers
could exploit.
The Anti-Phishing Working Group has been organized to
develop an acceptable solution to e-mail phishing scams. This
is an organization of over 180 members from financial
institutions, law enforcement, ISPs, and the e-commerce
community. I am the chairman of the organization, and my day
job is senior vice president at Tumbleweed Communications, a
vendor of secure e-mail and anti-spam technology.
The Anti-Phishing Working Group has established the
www.antiphishing.org Web site as a repository of information
about phishing. The site contains a news feed of articles about
phishing as well as an ever-expanding archive of known phishing
e-mails and Web sites. Proposed technology solutions, lists of
vendors and Government agencies who can help combat phishing
are also listed on the site.
The working group members are exploring technology
solutions to allow businesses to authenticate or digitally sign
their e-mails to consumers. These techniques would allow
consumers to determine that the sender of an e-mail was really
who it purported to be. There are other technology solutions
being tested, including detection and scanning services.
Members of the Anti-Phishing Working Group are working
together to develop educational messages and best practices for
consumers and companies. The working group is working with
other organizations that are looking to combat Internet fraud,
including the Bankers Information Technology Secretariat and
the Information Technology Association of America. Consumers
should also be aware that the Federal Trade Commission and the
U.S. Department of Justice have advisory bulletins and other
information available on their Web sites.
That concludes my remarks. Thank you.
[The prepared statement of Mr. Jevans follows:]
The Chairman. Well, David, thank you for that testimony and
that explanation. In fact, as you were showing that first eBay
lure, I guess, I am having these quick memory flashbacks.
Literally on Saturday of this past weekend, I was at my son-in-
law's home, who makes his living servicing the Internet for a
provider, and we were accessing eBay to look at some activity
on eBay and he went by one of those, saying, Oh, that is a
phony, and just passed it by. I never asked why.
I now know. He knew, obviously, because he spends a good
deal of his professional life there. But it is fascinating that
you would pull that one up today, because that was literally
one that he had on his computer or had been sent to him, and he
passed it by very quickly, saying, That is a phony. I never
questioned him. But I find that very curious. Thank you.
Dave, let us come back to you. You mentioned Senate Bill
153, that has already passed the Senate. Hearings are going on
today. Could you reiterate for us the importance of having
Federal statutes that impose stiff penalties on these types of
crimes that are embodied within Senate Bill 153?
Mr. Nahmias. Well, as I mentioned, the existing penalties
are, in most cases, pretty good, both the underlying Federal
sentencing guidelines and enhancements that can be used where
the criminals target particularly vulnerable victims or people
particularly susceptible to crimes.
In the case of identity theft, our concern is the way the
guidelines work. Someone who commits identity theft, which is
almost always part of another crime, they get your identity to
use your credit card information or commit some other fraud.
Under the guidelines those crimes merge and there is no
additional penalty in most cases for the identity theft portion
of that crime, even though it tends to create a different kind
of harm to the victim. We are supporting this bill that has
passed the Senate, which would impose a--in most cases a 2-year
minimum additional penalty on top of the underlying penalty for
the crime committed with the stolen identity information, and
thereby serve as a deterrent to people who would potentially
commit crimes with identity theft information.
In the case of a crime that relates to terrorism, the
additional penalty would be 5 years, and we believe that that
would be an important enhancement to the overall scheme of
punishing people who commit these kinds of crimes.
The Chairman. Can you tell us more about the involvement of
organized criminal networks in financial fraud cases in
general, and I should say, who are the major players and where
do they originate from as you now know it?
Mr. Nahmias. Some of my fellow panelists may be able to
speak to this as well, but----
The Chairman. In all of these questions, as the person
asked pauses at the end, if you have additional information to
put into it, please do so for the record. Thank you.
Mr. Nahmias. I think in our experience our prosecution of
Internet fraud cases indicate, you see everything from
individuals like the person who testified on your first panel,
to organized groups, both domestic and international. We are
not aware of any specific cases in which traditional organized
crime groups such as La Cosa Nostra or motorcycle gangs have
been particularly involved in these kinds of Internet fraud
schemes, although much of the activity does involve groups of
people acting together. The only other thing I would say is
Internet crime is an extension of traditional fraud schemes as
Mr. Maxwell was talking about. It is the same schemes we have
seen for years using this particularly----
The Chairman. Just a new vehicle?
Mr. Nahmias. A new vehicle which is a very valuable vehicle
for criminals because it is so anonymous, easy to do over
distances and very hard for law enforcement to crack into
because the data is often fleeting, and unless you get onto it
quickly it may be gone.
So as traditional organized crime groups see how these new
tools can be used, there is no reason to think that they will
not try to use them as they have other tools in the past.
Mr. Maxwell. I would agree with that, Mr. Chairman. The
only additional information I would throw out is because most
of the situations we have had here in the United States are
primarily one individual or two. Child exploitation sometimes
involves a couple or two or three people, but in most fraud
schemes we have had it has been one individual or two with the
exception of those coming from abroad.
We have some concerns about some of them coming from the
former Eastern Bloc via the Internet. It was mentioned I think
earlier there was a site going back to Russia. Those are the
concerns because they present such a challenge in terms of
prosecuting and enforcement, and those are the difficulties we
are facing now.
We are exploring strategies, primarily with Canada. There
is a cross-border crime forum, as you are probably very well
aware of, which we have an Internet telemarketing group, and we
are part of that along with our colleagues in the other
agencies and FTC. That shows a lot of promise, but it has been
going on for 10 years and we still have a lot more to
accomplish, but that will be a proving ground for what may come
in the future.
The Chairman. Anyone else? Yes, David.
Mr. Jevans. Mr. Chairman, in the last 7 months we have seen
phishing sites go from being largely hosted in the United States
to being hosted primarily in Eastern Europe as well as in Asia.
This makes it very difficult to tear the sites down. Instead of
being able to tear it down in a few hours, maybe half a day, it
can take up to 160 hours, basically a week, to tear the sites
down.
The other thing we have seen is that these do tend to be
groups of two or three people who largely meet in online chat
rooms. They are basically working from home, and it will be a
spammer, a fraudster and maybe a virus writer.
Ms. Solov. If I may also, from the State perspective, the
fraud, for example, that I mentioned from the State of
Illinois, that started as a one-man operation by a retired
electrician in a very small town in Illinois. Then as he made
money, he drew other people in to assist and ultimately there
were, I believe, 18 defendants in that case, most of whom were
convicted. That is what we are seeing at the State level.
But very commonly, with regard to investment fraud,
individuals are invited to a free seminar where they get coffee
and donuts and an explanation about, for example, some great
real estate venture. Then they are encouraged to go to a
website to ``verify'' that all of the information presented at
the seminar is in fact true and accurate. We find that that is
often happening with senior citizens who attend seminars and
then use the Internet as a verification tool.
The Chairman. You said something I think very important,
and I watched it in older people who I know and some within my
family, who never were heavy stock investors, but they
accumulated substantial amounts of money and they had a lot of
CDs, and the CD market, as you know, is no place to be today
because of the interest being paid, and so they are really
impacted by a decline in revenue that they had adjusted to
because of their CDs, and they are out looking and asking, and
I have parents, my wife has parents, who ask us those
questions. Where do we go to get a better return on our
investment? I think they must be phenomenally susceptible to
the kind of thing you have spoken to.
Ms. Solov. Yes, and that is a line that is very commonly
used. The con artists say, ``You are not really making any
money on the certificate of deposit. In fact, you are probably
losing money ultimately, so here are some alternative
investment opportunities.''
The Chairman. I mentioned something in my testimony--and
maybe, Dave, you can respond to it, or certainly any of you who
wish. A few weeks ago we held hearings in this room on the
implementation of the soon-to-be prescription drug discount
card, and there is a lot of work being done to stand up
websites where they can go online and look at different
opportunities, go online to look at difference in pricing. We
are asking seniors to become much more knowledgeable in
accessing the Internet for the purpose of accessing knowledge
on how to buy drugs and all of that type of thing, and this
will accelerate. Have any of you done any thinking about the
potential fraud that is going on in that area, and has the
Department of Justice taken notice of this as a real
possibility?
Mr. Nahmias. Senator, that is a very good question, and
actually the FDA, the Food and Drug Administration is the
agency on the front line of that issue of ensuring that the
drugs are safe. Although the Department of Justice and our law
enforcement regulatory partners need to provide a supporting
role in terms of the FDA's enforcement effort, that issue is
being examined by a task force in the administration. The
Conference Report for the Medicare Modernization Act required
the Secretary of HHS to examine the issue of drug importation
and look at limits on resources and legal authorities. I know
both within the Department of Justice and within the
administration, that is an area that we are looking at because
of the concern that on the one hand we are expanding the
funding in that area and directing people to the Internet as a
source of information; on the other hand we realize that where
there is money and where there is the Internet, there is a
potential for criminal activity. So I think that is an area
that we are concerned about and we are trying to get on the
front end of.
The Chairman. You are right to assume there is going to be
a substantial amount of money flowing in that respect.
Anyone else wish to comment on that?
Mr. Maxwell. It presents a little bit of a problem from my
agency's standpoint. I have had several discussions with our
counterparts at Food and Drug Office of Criminal Investigation,
and also I met with our counsel's office, and I guess our
jurisdiction really was somewhat limited to the fraud end of
those types of promotions. If they can enhance some of the
other provisions in terms of either under a DEA schedule or
some other type of avenue for us, we could probably have more
reason to be involved. We certainly do welcome and we recognize
the problem. I remember there were hearings on this two or 3
years ago and that created quite a stir.
The Chairman. Lawrence, let us stay with you. We have all
talked about seniors and their fixed incomes, but also we
talked about the money they have and the money they seek to
invest, and they have tremendous buying power as a class of
citizen in our country, and they give a lot. They are very
charity minded.
Are you able to tell us if any charity monies given by
seniors has found its way into the hands of suspected terrorist
organizations?
Mr. Maxwell. That is the question of the hour, actually,
because we had inspectors assigned to Green Quest, which was
the first initiative back under Treasury, and it has morphed
into some different names now, but with a focus primarily on
that type of activity. What we saw was some limited cases where
it could clearly be drawn, and of course, you have read some of
the headlines where certain individuals were charged, I think
in Illinois was one I read about where they were dismissed
later because there was not enough to show that tie into
terrorism.
It is clearly a concern from a security standpoint if
nothing else, but also from a fraud standpoint, people being
victimized based on their good nature. We have a lot of types
of these things happening, like right after 9/11 we would see
them crop up. After any calamity generally you will see these
things emerge.
It is just very difficult to identify them quickly enough
to take action before people are hurt. So the sooner we hear,
the better always.
The Chairman. David, is a false website, let us say in a
post-9/11 event where monies are being asked for for charitable
purposes and it is a fraud, is that considered phishing?
Mr. Jevans. That is typically not considered phishing
unless somebody is sending out spam e-mails to pull people into
one that may be replicating a legitimate one. So you may see
things where there is a legitimate site out there collecting
monies and someone sets up a fake one, and they pull people in
that way definitely.
The Chairman. Go ahead, please.
Mr. Beales. If I could just add to that. What we see most
often in fraudulent charitable solicitations is badge fraud,
where the----
The Chairman. It is what?
Mr. Beales. Badge fraud. The appeal is to help the local
police or fire fighters or some local connection like that. We
have brought those kinds of cases and worked with State and
local partners in those kinds of matters, but what we have--
that is where we most frequently have seen the fraudulent kinds
of solicitations.
The Chairman. Howard, let us stay with you. You mention in
your testimony seniors continue to be hit by telephone fraud 44
percent of the time. Is it true that phone use for senior scams
is decreasing as the use of the Internet is increasing?
Mr. Beales. It certainly is in our complaints. We are
seeing more and more Internet and less and less telephone. That
is very much the trend, but it is hard to say how much of that
is real and how much of that is the nature of complaints.
Complaints are easier online, so for people who are online and
where the contact is online, they may be more likely to file a
complaint and that would change the relative proportions.
There is clearly still a lot of telemarketing fraud out
there, and we are bringing numerous telemarketing cases that go
after those problems.
The Chairman. Do you know if Internet fraud now exceeds the
U.S. Mail service as a means of scamming people over 60?
Mr. Beales. It certainly does as a means of the first
contact in our complaints, and again, with the same caveat,
that it is hard to tell how much of that is real and how much
of it is complaints.
The Chairman. President Bush signed anti-spam legislation
last year. How is the fight against spam going at this moment?
Mr. Beales. The fight against spam is going to be a long
and difficult one. There is no single or easy solution
unfortunately. We have brought already more than 60 cases under
the FTC Act, challenging fraudulent and deceptive spam. We have
numerous other investigations in the pipeline and will continue
to devote a lot of resources to it.
We are engaged in rulemakings to implement parts of that
statute. We just published a broad advance notice of proposed
rulemaking on the kinds of rules that might be necessary. We
are also working closely with the criminal authorities to try
to develop cases that may be appropriate for criminal
prosecution under Can Spam. There is progress, but it is
slow and it is going to take time.
Mr. Jevans. Mr. Chairman.
The Chairman. Yes?
Mr. Jevans. We have noticed that there has been some
decrease in spam to the companies that launched major lawsuits
a week or so ago. That would be Microsoft, AOL. Earthlink and
Yahoo came together and launched quite a number of lawsuits.
AOL has come out and said they have seen a decrease in the
amount of spam. However, the overall amount of the spam on the
Internet, which we are measuring on a daily basis, has not
decreased.
The Chairman. Is it increasing?
Mr. Jevans. It continues to increase, and it may be just
that it is moving away from those big entities who have a lot
of legal muscle, and just moving out to everybody else.
The Chairman. Thank you.
Tanya, would you highlight for us the top three investment
schemes that seniors seem to be drawn to and why?
Ms. Solov. The top one is probably I would say the scheme
where investors are asked to invest in a company that is just
going public, and generally these are ``startup companies''
that usually deal with either technology or medicine. They are
companies that are touting that they have the cure for cancer
or for AIDS or other ailments. So that is probably the top scam
that we are seeing.
Second, we are seeing a tremendous number of scams
involving real estate ventures. The public has heard that one
segment of the economy that continues to grow and is doing
really well is real estate. So the con artists have set up
shops indicating that they are investing in real estate
ventures.
Third, I would say prime bank notes or foreign investments.
Again, seniors have heard the term--and other investors too--one
must diversify. So they are encouraged to invest in foreign
investments, foreign currencies and at companies that are
allegedly investing in developing countries.
The Chairman. David, who is liable if a consumer falls for
a phishing attack and their information is stolen and misused?
Mr. Jevans. Typically if it is a credit card that has been
stolen, generally the consumer is protected under Regulation Z,
and the bank typically or the merchant will be liable on the
Internet, if it is using an Internet merchant, it would be the
merchant. However, if a consumer's bank account information
is----
The Chairman. But right now we just heard Dave say that the
theft of the identity is not punishable as much as what you use
the identity for; is that correct?
Mr. Nahmias. They are separate crimes and you can charge
someone, but under the sentencing guidelines currently they
merge for sentencing purposes so there is no additional
penalty, and frankly, prosecutors often do not charge them
because you have to prove more and you do not get any bang for
your buck.
The Chairman. I see.
Go ahead, David.
Mr. Jevans. Typically people are prosecuted under wire
fraud, mail fraud, bank fraud. So if it is a credit card, the
consumer is usually OK. It is usually the merchant who is
liable. If it is a bank account that has been basically
broached, legally in the United States it would be the consumer who
is liable because they have divulged their password to someone
who is not the bank. However, fortunately, banks will make
consumers whole, and in the rare case it happens, they will
usually reimburse them.
If a Social Security number is taken and loans are taken
out against the consumer, if they can prove fraud they can
usually get restitution, but that can be a long drawn-out
process.
The Chairman. David, I am going to ask you this last
question, and you all may want to respond to it. We recently,
at least within the last year and a half or two, saw a movie
with Tom Hanks and Leonardo DiCaprio, in which Leonardo was the
ultimate check-writing artist and ID scam artist. True story.
He was ultimately caught by the FBI and their Check Fraud
Division, and ultimately used by them to take down other check
writers. You have just heard Mr. Groover this morning offer
some suggestions. Obviously, he was talented enough at the time
to take a lot of money out of ID theft and credit cards. You
are apprehending people who are obviously very talented at what
they do to access and to develop fraudulent documents and
materials on the Internet. Are you using them? Are they willing
to come forward after caught? Is their information and their
knowledge a usable commodity? Do you solicit from them for
information blocking the kind of scams that go forward, or are
they simply stuck in a Federal pen and left there?
Mr. Jevans. Regrettably, most of them have not been caught,
particularly in the phishing side of things which is
technologically advanced. We have established some
communication with people. The ones who have been caught mostly
have been amateurs. The more technical ones, there have been
dialogs. We understand what they are doing. There appears to be
correlation between what they are doing and virus writers. As
we all know, catching virus writers is extremely difficult.
There are rewards out of hundreds of thousands of dollars and
nobody has been really caught yet.
I thought that Mr. Groover had some very good points and
some of those could definitely help.
The Chairman. Did you take notes?
Mr. Jevans. Absolutely, absolutely.
The Chairman. Can you imagine going back to the office and
saying, ``I have just gotten this information from a convicted
felon?''
Mr. Jevans. I will be. [Laughter.]
The Chairman. All right.
Mr. Jevans. I thought his idea about a pass key to your
credit reporting information was definitely a good one and
would not require wholesale re-engineering of that system.
However, you do have the vulnerability that if you type that
into a fraudulent website, that person has got it, so there are
some technical things that need to be worked out there.
The Chairman. Anyone else wish to react to that last
comment or question? Howard?
Mr. Beales. Senator, I think there is a delicate balance
that the Congress worried very much about in re-authorizing the
Fair Credit Reporting Act at the end of last year, between
security of credit information, which is clearly important, and
ease of access to credit on behalf of consumers who need
credit. There really are some difficult tradeoffs there. I
think there are a great many Americans who do not know they
have a credit report, let alone able to remember the pass key
that they would need to get into it----
The Chairman. Until they are told----
Mr. Beales. That is bad.
Mr. Maxwell. Senator.
The Chairman. Yes.
Mr. Maxwell. To get right to the heart of what you said
earlier, I did not have the pleasure of meeting Mr. DiCaprio,
but I did meet Mr. Frank Abagnale, who was what the movie was
based on.
The Chairman. Yes.
Mr. Maxwell. We invited him to speak at one of our fraud
training symposiums, and a fascinating individual, as you would
expect. He mentioned that he does one venture a year for the
Federal Government to pay back what he had done to the country,
because I engaged him in conversation and he shared that with
me.
We have videotaped telemarketing, people convicted of
telemarketing cases, investment schemes, and we use them in our
training effort. If David will forgive me, we also invite them
to the defense bar sometimes, to come and help train our
agents, so it is very valuable. Yes, I took notes as well.
The Chairman. The criminal mind is usually a pretty bright
mind.
Mr. Maxwell. Yes, very much so.
Mr. Nahmias. I would agree. We learn a lot from the people
we catch. Usually our preference is both to have them
incarcerated and to learn from them, rather than other
alternates, but the Federal sentencing guideline system is set
up to create great incentives for people to cooperate with the
Government. The other thing I would say, is while I think Mr.
Groover had some good ideas, I was pleased that some of the
ideas he has such as interagency coordination to collect
complaints are already in effect.
The Chairman. I did see you smiling once there when he made
that comment.
Mr. Nahmias. It is nice to know that we are ahead of the
criminals on some things, and really a lot of the credit for
that goes to the FTC.
The Chairman. Tanya, gentlemen, thank you all very much for
your testimony today, as we continue to try to stay on top of
this rapidly evolving issue. I oftentimes tell this story, and
I will conclude with it.
I have a mother-in-law who lives in a retirement community
in Tucson. Five years ago there was a lovely pool room in that
retirement community, and I walked by there with my father-in-
law, and nobody was using it. Two pool tables, the lights were
out. I said, ``Nobody plays pool here?'' He said, ``Not
really.'' At that time, and still today, my wife is much better
on the Internet and with a computer than I, and she was
teaching my father-in-law and mother-in-law to gain access to
the Internet. They said, ``You ought to do this for the rest of
this living group.'' That evolved into the taking out of the
pool room and the putting in of a computer room. I think there
are 12 terminals there now.
I was down there recently. My father-in-law has since
passed away, but my mother-in-law is still very active. Walked
by there at about 10 o'clock one night in a community where
the average age is probably 78 to 80, and there were five
people in there, talking to their grandchildren and their kids,
and on eBay, so the world is changing very rapidly for that
senior community. They were slow to come to the Internet, but
they are now coming very rapidly, as I mentioned, and we are
now encouraging them to go there, and certainly my generation
of baby boomers, they are all going to be pretty computer
literate when they get to that age. So what we do here now and
the foundational work we do to catch the fraud and the criminal
that will access them through the Internet, is I hope
productive work.
I thank you all very much for being with us this morning.
The Special Committee will stand adjourned.
[Whereupon, at 12:09 p.m., the Special Committee was
adjourned.]