COLUMBIA, S.C.-A federal court has ordered Comcast to divulge the identities of two Comcast e-mail users in its bid to discover the perpetrators of an online phishing scam targeting AllSouth FCU members.
The order, pursuant to the Cable Communication Policy Act, requires the Internet and cable TV provider to disclose subscriber information for two Comcast e-mail addresses used to contact AllSouth members in April in a bid convince them to divulge their account information, enabling the fraudsters to drain tens of thousands of dollars from the credit union.
The court gave Comcast seven days to notify the two subscribers that their identities are sought by the credit union and gave them 21 days to contest the disclosure.
The request to the U.S. District Court for the District of South Carolina was made in a civil suit seeking "John Does" or "Jane Does" who convinced at least 125 AllSouth members to give them personal account information, which was later used to access their funds.
Efforts to discover the identities of the perpetrators have so far been unsuccessful, according to the credit union, which hopes legal discovery tools available in a civil lawsuit will help it unmask the fraudsters.
The goal of the suit is to thwart an expanding form of Internet fraud aimed at credit union and bank account holders who have received text messages purporting to be from their financial institutions advising them to call a phone number to unblock an account. Once calling the number, people are asked to enter their debit or credit card numbers and other personal information such as Social Security numbers. This personal information can then be used by the perpetrators to access the members' accounts.
In one April 7 message purporting to be from AllSouth and labeled "Alert," members were told their account access was limited and they were required a call to a particular phone number to remove the restrictions. AllSouth members received varying messages with the same aim.
When calling the number, members were greeted with a verbal message saying: "Welcome to AllSouth Federal Credit Union," and then asked to key in personal account information. In some cases, the information was used to transfer funds out of members' accounts.
The suit charges the unknown phishers with infringement of the $650-million credit union's trademark and of violation of the Racketeer Influenced and Corrupt Organizations Act, commonly known as RICO. The credit union is also asking the court to order an immediate injunction against the scammers and to award treble damages in the case.
