Scam artists are casting about the Internet, hoping to reel in new victims with an old ploy.
In the most recent scheme, law enforcement officials say e-mails that look like they came from SBC Internet Services and the Federal Deposit Insurance Corp. were sent to thousands of Internet users in the United States.
The fake messages directed people to a Web site that looked official. Officials said the scam artists hoped to capture credit card numbers and other personal information so they could make fraudulent purchases.
Their chicanery is known as "phishing" -- a combination of the words "fishing" and "phony."
Last week, SBC and the FDIC warned the public to be wary of any e-mails asking for credit card, password or banking information.
SBC became aware of the phony e-mails and sites early last week after a customer complained. Each e-mail had an SBC return address on it and a link that seemed to go to an SBC Web site, said Vanessa Smith, spokeswoman for the company.
The e-mail asked that the recipient go to the Web site and fill out the form to prevent an interruption of service.
The company immediately sent out e-mails to all of its online customers in 13 states warning them of the scam, Smith said.
"We want all our consumers to know that SBC would not request that information, and we would not do it through e-mail," Smith said. "The Web site was shut down, and we've monitored it to make sure a new one didn't take its place."
Smith said SBC is continuing an investigation into the phony e-mail scam.
Last week, another e-mail that looked like it came from the FDIC went to thousands of e-mail inboxes in the United States.
That e-mail said the receiver was suspected of committing "violations of the Patriot Act." It said bank accounts would be denied insurance unless personal information was submitted to the Web site listed in the e-mail.
A statement released from the FDIC says that the e-mail is being investigated by the FBI.
"The big flaw with the e-mail is that if you violated the Patriot Act, the government isn't going to tell you by e-mail," said Detective Kipp Loving with the Sacramento Valley Hi-Tech Crimes Task Force. "You will instead get a knock on your door."
Phishing -- also known as "spoofing" -- is one of the oldest scams on the Internet, Loving said. The criminals copy the art used on the Web site of an organization they are trying to imitate.
"Many times they will use real phone numbers or real links to the real company on their Web page or in their e-mail," Loving said. "They hope that you will call the number, get customer service and then be put on hold.
"Then you will get tired of waiting to talk to a customer service rep, hang up and just fill out the form on the Web page," he said.
Phishing usually targets customers of the online bank PayPal, the auction site eBay and Internet service providers Earthlink and America Online, Loving said.
"AOL is the easiest because it's so user-friendly, has bright colors and often its the children of the household who use it," Loving said. "The kid tells mom and dad he needs a credit card number to renew his AOL account, and they hand it over."
The first time valley authorities uncovered a phishing scam was in 1995, said Kirk Stockham, a retired computer forensics investigator for the Modesto Police Department. It involved a phony AOL site.
"Three Modesto juveniles were sending out an e-mail with an AOL logo and asking for credit card information," Stockham said. "They used an empty house as their drop spot for all the stuff they bought. We had never seen anything like that before, and it really surprised us."
Stockham now collects snapshots of phishing sites. He then shows them at fraud-protection seminars. "I have about 30 that I've captured," he said.
It's difficult for many computer users to figure out when an e-mail is a scam. Common errors include misspelled words on the Web site or in the e-mail, he said.
Also, legitimate companies usually won't ask for passwords or credit card information. "They've already got that," he said.
Instead, if there is a problem with an account, most companies will require the user to first log on to the official Web site and then enter the data.
"And when in doubt, call them," Stockham said.