Police crack down on US Net fraud ring

Suspects used a fake Web site to trick naive PayPal users into giving up their credit card information

Federal and New Jersey investigators are in the process of rounding up a ring of Internet fraudsters. The suspects were involved in a variety of schemes using stolen credit cards, PayPal.com and eBay.com. As many as 175 people may have fallen for the scam, with one victim losing $5,000 in a single incident.

Two suspects in Brooklyn have already been arrested and a flurry of additional arrests are expected soon, according to documents.

The scam started with a fake PayPal.com Web site designed to trick potential victims into revealing their account information to the suspects.

PayPal customers were sent emails saying "We regret to inform you that your username and password have been lost in our database. To help resolve this matter, we request that you supply your login information at the following website." A link to http://paypalsecure.cjb.net followed.

But victims that fell for the ploy were unwittingly entering their PayPal account information into a Web site set up by computer criminals. About 175 people fell for that part of the scam, according to one source familiar with the investigation. The site was operating for at least two months, the source said.

Next, the criminals purchased big-ticket items on eBay using the stolen PayPal accounts, such as Sony PlayStations. Finally, to actually wring cash out of the scheme, the criminals would turn around and sell those items back on eBay and have the cash deposited in another account.

PayPal refused to comment on the specific investigation, but spokesman Vince Sollitto said computer criminals have set up several password-stealing sites in the past. He said the firm is often pointed to such sites by customers, and then works with Internet service providers and law enforcement agencies to shut them down.

PayPal customers aren't liable for any losses in such a scheme, because they are automatically insured up to $100,000, Sollitto said.

Documents indicate Richard Nicolella, an investigator in the Camden County Investigator's Office in New Jersey, was the first to spot the scam.

"It's pretty widespread," he said. "It was a shopping spree from Black Friday through January."

Nicolella said about $30,000 in merchandise was delivered to one Brooklyn address. The criminals had the items purchased on eBay delivered to mulitple accomplices at many addresses, Nicolella said, in order to prevent suspicion.

Most of the fraud artists are in their 20s, and one of the suspects arrested was already on probation for another Internet scam, Nicolella said. But he refused to provide additional details about the investigation or the arrests. A spokesperson for the FBI in New York also refused to comment.

Creating fake Web pages and tricking victims into entering personal data is hardly a new scam, but it seems to have new life lately. Last weekend some customers of Kaypro Technology, an online computer store, received email from a computer criminal using the same technique as the PayPal fraudster. Fortunately for customers, the scam was betrayed by poor English in the email:

"During this week we have problems with our Customers DataBase we might loss some of our Customers information. So we ask you to fill this form: http://www.kaypro.net/form.htm."

Kaypro Technology's real Web site is Kaypro.com. A spokesperson for the company said it immediately sent email to all its customers warning about the scam. Only a few report receiving the invitation, and none reported falling for it, the spokesman said.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read what others have said.