Jewish World Review
http://www.jewishworldreview.com | (KRT) Best Buy Co. took to the Internet Friday in a continuing effort to alert millions of customers to a massive e-mail scam affecting the company.
A fake e-mail message purporting to come from bestbuy.com's fraud department is asking consumers from here to Australia to share personal information, including Social Security and credit-card numbers.
"We e-mailed our entire customer database with a message that this is a hoax and don't respond to it," Best Buy spokeswoman Dawn Bryant said.
Bryant said Best Buy is continuing to work with the FBI, the Federal Trade Commission and other agencies in an attempt to discover where the scam began and who is behind it. The FBI said no arrests have been made.
Investigators said Friday they had not had heard reports of victims giving the scam artists their credit-card or Social Security numbers but that it was still too early to tell.
Meanwhile, Best Buy Friday afternoon removed the "buy" function from its own Web site, limiting bestbuy.com to a "browse" only mode as part of a previously planned move to relaunch the company's online site July 1.
"We won't be taking any online orders within the next week and half," Bryant said. "But this has nothing to do with the scam."
Despite the e-mail scam, Bryant stressed there was no security breach of bestbuy.com and its customer information remains secure and confidential. "We are now sure that no systems were breached," she said.
Best Buy learned of the hoax on Wednesday afternoon after thousands of consumers began calling company service representatives inquiring about the fake e-mail message. Media reports followed.
Bryant said she didn't know if the scam had hurt the company's image or if had adversely affected online orders from its legitimate Web site.
The scam isn't unique, law enforcement officials said.
Well-known institutions ranging from America Online, the nation's largest Internet service provider, to eBay, the highly popular online auction site with millions of subscribers, to even the U.S. Internal Revenue Service have been used in variations of this cyberscam in recent years, they said.
The Best Buy scam was more sophisticated than most, however, said Special Agent Paul McCabe, a member of the FBI's computer crimes squad in its Minneapolis office.
The perpetrators used the Internet to mass-mail their fraudulent e-mail with the subject line: "BestBuy Order... Fraud Alert," telling the recipient someone made a suspicious purchase in his name. It asked the recipient to contact Best Buy by clicking a link in the e-mail that would then take their computer browser to a fake Web site for Best Buy's fraud department.
On the site, people were asked to enter credit-card and Social Security numbers and click to send it, presumably to the thieves, McCabe said.
The site resembled Best Buy's design down to the tiniest details. If a person clicked on the site's tabs, to go shopping, for instance, his or her Web browser would be redirected to the correct page on the real Best Buy site, preserving the illusion that it was a legitimate site, the agent said.
The FBI quickly shut down the scam site but someone revived it at some point in the last two days and sent out more of the e-mail messages before it was shut down again, McCabe said.
The FBI has no idea how many of the fraudulent e-mails were sent out but estimates the number could easily reach into the hundreds of thousands, McCabe said. The FBI has gotten complaints about the messages from France and other parts of Europe as well as Australia, he said.
"We haven't had anything this large in this part of the nation - a fraud scam with spam e-mail that links to a Web page," McCabe said.
The bureau's Minneapolis office is coordinating its investigation with international law enforcement agencies, state authorities and the Internet Fraud Complaint Center, a national clearinghouse for cybercrime cases that has been inundated with complaints about the Best Buy case in the past two days.
The FTC earlier this year reported that known cases of identity theft increased nearly 88 percent last year. The agency recorded 161,800 identity theft complaints, up from 86,200 in 2001. ID theft accounted for 43 percent of all its fraud complaints, said Naomi Lefkovitz, an attorney for the FTC's identity theft program.
The average fraud case cost its victims $800, she said, but the cost for all fraud totaled $343 million, according to the FTC's annual report.
The Internet Fraud Complaint Center in Fairmont, W.Va., received more than 48,250 complaints of all kinds of Net scams last year, about triple the number from the previous year and an average of 6,000 a month. But that number jumped in March to more than 9,000 complaints monthly now, said FBI Supervisory Special Agent Steven Francke.
The center received "several hundred complaints" about the Best Buy scam in the past two days, making it very noticeable, he said.
Tracking the perpetrators won't be easy. They often use poorly configured computers in developing countries in Eastern Europe and Asia to send their e-mail, like spam artists, to hide their true location, and fake identities to register Web pages.
And with more than 600 million people using the Internet today, it may be like looking for the proverbial needle in the digital haystack.
"It can be very difficult," McCabe acknowledged. "But it's not impossible."
Appreciate this type of reporting? Why not sign-up for the daily JWR update. It's free. Just click here.
Comment by clicking here.