COLUMBIA, S.C. A federal court ordered Comcast to divulge the identities of certain Internet subscribers to AllSouth FCU in its bid to discover the perpetrators of an online phishing scam targeting its members.
Yesterday’s order, pursuant to the Cable Communication Policy Act, requires Comcast to disclose subscriber information for two Internet addresses used to contact AllSouth members last month and convince them in the name of the credit union to give out their account information, enabling the fraudsters to drain tens of thousands of dollars from the credit union.
The order allows Comcast seven days to notify the subscribers that their identity is sought by the credit union and gives the subscribers 21 days to contest the disclosure of their identities.
The request to the U.S. District Court for the District of South Carolina was made in a civil suit seeking “John Does” or “Jane Does” who convinced at least 125 AllSouth members to give them personal account information, which was used to access their funds. Efforts to discover the identities of the perpetrators have so far been unsuccessful, according to the credit union, which hopes legal discovery tools available in a civil lawsuit will help it unmask the fraudsters.
The goal of the suit is to thwart an expanding form of Internet fraud aimed at credit union and bank account holders who have received text messages purporting to be from their credit union or bank and advising them to call a phone number to unblock an account. Once calling the number, people are asked to enter their debit or credit card numbers and other personal information such as a Social Security number. The personal information may then be used by the perpetrators to access the members’ accounts.
In one April 7 message purporting to be from AllSouth and labeled “Alert,” the member was told his/her account access was limited and required a call to a particular phone number to remove the restrictions. AllSouth members received varying messages with the same aim. When calling the number the members were greeted with a verbal message that said “Welcome to AllSouth Federal Credit Union” and asked to key in personal account information. In some cases, the information was used to transfer funds out of a member’s account.
The suit charges the unknown phishers with infringement of the $650-million credit union’s trademark and of violation of the Racketeer Influenced and Corrupt Organizations Act, known as RICO. The credit union is asking the court to order an immediate injunction against the scammers and to award it treble damages.
