| FOR IMMEDIATE RELEASE
TUESDAY, MAY 18, 2004
TDD (202) 514-1888
FRAUDSTER SENTENCED TO NEARLY FOUR YEARS
IN INTERNET 'PHISHING' CASE
Spammer Posed As Aol And Paypal To Con
Customers Into Providing Personal Information
WASHINGTON, D.C. - Assistant Attorney General Christopher
A. Wray of the Criminal Division announced today that Zachary Keith
Hill, of Houston, Texas, was sentenced to almost four years in
prison (46 months) for orchestrating a scheme to defraud consumers
of personal financial information via spam email.
Hill, 20, was sentenced by United States District Judge Vanessa
D. Gilmore on Monday in the Southern District of Texas in Houston.
Hill plead guilty to a criminal information on Feb. 9, 2004, charging
him with two felonies: possessing credit card numbers, bank account
numbers, and other access devices with intent to defraud and using
those access devices to defraud others of nearly $50,000.
As part of the scheme, Hill would send out spam email to consumers
leading them to believe that the email was actually from America
Online or Paypal. This technique is a commonly-used online identity
theft scheme, also referred to as "phishing." The "from" line identified
the sender as "billing center," or "account department" and the
subject line carried warnings such as "AOL Billing Error Please
Read Enclosed Email," and "Please Update Account Information Urgent!" The
text of the message contained a warning that if the consumers did
not respond to the e-mail, their account would be cancelled. Some
of the spam said, "... we have to ask all our members for updated/correct
billing information. Please be advised that this is mandatory.
If we do not get your updated billing information, your account
will be revoked and put under review and may be cancelled." A hyperlink
in the e-mail took consumers to what appeared to be the AOL Billing
Center, with AOL's logo and live links to real AOL Web pages. But
the copy-cat Web page belonged to the defendant. The defendant
asked consumers to provide information such as their names and
mothers' maiden names, billing addresses, Social Security numbers,
dates of birth, bank account numbers, and bank routing numbers.
The defendant also asked consumers to provide their AOL screen
names and passwords.
The Paypal scheme worked in a similar way, with the defendant
using the Paypal passwords that consumers provided to access consumers' Paypal
accounts and to purchase goods or services on their accounts.
According to the criminal information to which Hill has entered
his plea of guilty, Hill used the scheme to access 473 credit card
numbers, 152 sets of bank account numbers and routing numbers,
and 566 sets of usernames and passwords for Internet services accounts.
The information also charges that Hill used the fraudulently obtained
credit card numbers to obtain goods and services costing more than
In a related civil action, the Federal Trade Commission has previously
filed a civil complaint against Hill in the Southern District of
Texas seeking an injunction and damages for his fraudulent conduct.
At the FTC's request, the Court issued a preliminary injunction
in December 2003 ordering the defendant to halt his identity theft
scam. The FTC, along with the Washington Field Office of the Federal
Bureau of Investigation, also provided valuable investigative assistance.
The case was prosecuted by Trial Attorneys Todd Hinnen and Kimberly
Kiefer of the Computer Crime and Intellectual Property Section
of the Criminal Division at the U.S. Department of Justice, and
Assistant United States Attorneys Jay Hileman and Scott Stein of
the Southern District of Texas and Eastern District of Virginia,