The sentencing this week of a Texas man was a notable victory for the U.S. government in its fight against a form of online fraud known as "phishing." However, a recent surge in such scams highlights the need for more than customer education, with some computer security experts calling for major changes in the way sensitive information is exchanged online.

Zachary Keith Hill, 20, was sentenced Tuesday to 46 months in prison after pleading guilty to defrauding America Online Inc. (AOL) and PayPal customers with a sophisticated online phishing con, the U.S. Department of Justice (DOJ) said.

Hill admitted he fraudulently obtained credit card and bank account numbers and defrauded consumers of US$50,000 in two phishing scams. The customers were fooled into providing the information after receiving e-mail messages from Hill containing links to Web pages that harvested personal information. The e-mail looked like official correspondence from the companies.

Such scams proliferate because online criminals, including organized crime groups, enjoy relatively high success rates from phishing crimes, which rarely result in arrest, said Avivah Litan, vice president and research director at Gartner Inc., which recently published a report on phishing

"Criminals feel like 'It's a lucrative, low-risk crime. So what's the harm in trying?'" she said "They're getting a 3 percent click-through, whereas the success rate with spam is just 1/2 percent."

Source: MacCentral

I am not sure that putting these people in jail are the answer, as this nation's jails are overcrowded as it is. I would much rather see the DOJ have obscene fines and actually enforce them. The DOJ also needs a higher convict-through rate though.

Originally posted at Breaking Windows.