_____Cybercrime Headlines_____ • FTC Says List Will Not Reduce Spam (washingtonpost.com, Jun 15, 2004) • Maryland Governor Signs Spam Law (washingtonpost.com, May 27, 2004) • Study: Online Crime Costs Rising (washingtonpost.com, May 24, 2004) • More Cybercrime Headlines ___Tech Policy/Security E-letter___ Written by washingtonpost.com's tech policy team, the e-mail version of this weekly feature includes an original news article and links to policy and cyber-security stories from the previous week. • Click Here for Free Sign-up • Read E-letter Archive E-Mail This Article Print This Article Permission to Republish

By David McGuire
washingtonpost.com Staff Writer
Tuesday, May 18, 2004; 7:43 PM

An Internet scammer who used e-mail and a fraudulent Web site to steal hundreds of credit card numbers was sentenced to almost four years in jail Tuesday, one of the stiffest-ever penalties handed down for online fraud.

Houston, Texas federal court Judge Vanessa Gilmore sentenced Houston resident Zachary Hill to 46 months in jail for his role in duping consumers into turning over 473 credit card numbers.

The Justice Department said the sentence is "one of, if not the longest" ever handed down against an e-mail scammer, said spokesman Michael Kulstad.

Hill, 20, used a "phishing" scheme to make his e-mail look like it came from America Online, the nation's largest Internet service provider, or PayPal, the online payment subsidiary of auction giant eBay. The message told victims that their accounts had lapsed and that the companies required their credit card numbers and passwords to restart them.

Hill prompted recipients to enter their information into Web forms designed to look like pages run by the companies, the Justice Department said. Hill then used the credit card numbers to buy $47,000 in goods and services.

"I think phishing is one of the most serious and offensive of the frauds we see out there in the spam world. This is outright theft. I think this should send a strong message to people who want to steal from consumers that they can do some serious time for it," said Howard Beales, the director of the Bureau of Consumer protection at the Federal Trade Commission (FTC).

The FTC worked with the Justice Department on the Hill case as part of an overall effort to collaborate more closely on fighting computer crime, Beales said. Federal regulators have ratcheted up their efforts to crack down on the worst Internet scams, Beales said.

Regulators are targeting phishing because it can fool even savvy Internet users, Beales said. "The problem is these Web pages look like they're supposed to. They may even have a name like they're supposed to. Unless you're really fairly sophisticated and very careful about where you are it's really easy to be tricked."

The FTC advises consumers never to click on links in e-mails advising them about their account status at various Web sites. It's always better to type in the Internet address manually and go to the proper Web site to ask questions, Beales said.

Sen. Conrad Burns (R-Mont.), who co-authored the federal anti-spam law that took effect in January, applauded the stiff sentence.

"I have said from the beginning that enforcement is key. We need movement from all angles of this issue to really make a dent in the amounts of spam out there," Burns said. "With the action we have seen in the past few months, and today's announcement, we are sending a clear message to spammers that the work they do is out of bounds."

Hill was charged under a federal fraud statute and pleaded guilty in February. He was not charged under the new "Can-Spam" law that went into effect in early January.

Hill's defense attorney, Victor Blaine, did not return a telephone call seeking comment.