Department of Justice Seal Department of Justice
TUESDAY, MAY 18, 2004
(202) 514-2007
TDD (202) 514-1888


Spammer Posed As Aol And Paypal To Con Customers Into Providing Personal Information

WASHINGTON, D.C. - Assistant Attorney General Christopher A. Wray of the Criminal Division announced today that Zachary Keith Hill, of Houston, Texas, was sentenced to almost four years in prison (46 months) for orchestrating a scheme to defraud consumers of personal financial information via spam email.

Hill, 20, was sentenced by United States District Judge Vanessa D. Gilmore on Monday in the Southern District of Texas in Houston. Hill plead guilty to a criminal information on Feb. 9, 2004, charging him with two felonies: possessing credit card numbers, bank account numbers, and other access devices with intent to defraud and using those access devices to defraud others of nearly $50,000.

As part of the scheme, Hill would send out spam email to consumers leading them to believe that the email was actually from America Online or Paypal. This technique is a commonly-used online identity theft scheme, also referred to as “phishing.” The “from” line identified the sender as “billing center,” or “account department” and the subject line carried warnings such as “AOL Billing Error Please Read Enclosed Email,” and “Please Update Account Information Urgent!” The text of the message contained a warning that if the consumers did not respond to the e-mail, their account would be cancelled. Some of the spam said, “... we have to ask all our members for updated/correct billing information. Please be advised that this is mandatory. If we do not get your updated billing information, your account will be revoked and put under review and may be cancelled.” A hyperlink in the e-mail took consumers to what appeared to be the AOL Billing Center, with AOL’s logo and live links to real AOL Web pages. But the copy-cat Web page belonged to the defendant. The defendant asked consumers to provide information such as their names and mothers’ maiden names, billing addresses, Social Security numbers, dates of birth, bank account numbers, and bank routing numbers. The defendant also asked consumers to provide their AOL screen names and passwords.

The Paypal scheme worked in a similar way, with the defendant using the Paypal passwords that consumers provided to access consumers’ Paypal accounts and to purchase goods or services on their accounts.

According to the criminal information to which Hill has entered his plea of guilty, Hill used the scheme to access 473 credit card numbers, 152 sets of bank account numbers and routing numbers, and 566 sets of usernames and passwords for Internet services accounts. The information also charges that Hill used the fraudulently obtained credit card numbers to obtain goods and services costing more than $47,000.

In a related civil action, the Federal Trade Commission has previously filed a civil complaint against Hill in the Southern District of Texas seeking an injunction and damages for his fraudulent conduct. At the FTC's request, the Court issued a preliminary injunction in December 2003 ordering the defendant to halt his identity theft scam. The FTC, along with the Washington Field Office of the Federal Bureau of Investigation, also provided valuable investigative assistance.

The case was prosecuted by Trial Attorneys Todd Hinnen and Kimberly Kiefer of the Computer Crime and Intellectual Property Section of the Criminal Division at the U.S. Department of Justice, and Assistant United States Attorneys Jay Hileman and Scott Stein of the Southern District of Texas and Eastern District of Virginia, respectively.