Medical identity theft: don’t be a victim

Monday, April 21, 2008

Many people are familiar with identity theft, in which con artists use another person’s personal information to commit fraud. Identity theft encompasses a range of crimes, from using a stolen credit card to make an illegal purchase to employing a pilfered Social Security number to establish a new identity.

One truly alarming twist on this trend is medical identity theft, a crime that can threaten your family’s well-being. The Minnesota Society of CPAs (MNCPA) offers an overview of medical identity theft and steps you can take to avoid becoming a victim.

Anatomy of a crime

Much like other identity thieves, medical ID thieves steal personal data, typically insurance information or Social Security numbers. The difference is that these scams involve health care.

1) These thieves may use your identity to get medical care or medications. That’s not the only danger, though.

2) In some cases, dishonest health care providers or a thief may use stolen personal information to file a false claim and receive reimbursement from an insurance company.

3) If you are the victim of medical ID theft, you likely will not be aware that your data has been stolen and that your medical records now show a history of illnesses or procedures that you have never actually had.

An added danger

Unlike conventional identity theft, medical identity theft can actually endanger your health. If a thief has medical procedures performed using your identity, that person’s medical history is now added to your own. Medical identity theft victims who go into the hospital for needed procedures have found out that their records show incorrect information about previous medical conditions. As a result of such mix-ups, patients may receive the wrong blood type in a transfusion or be given a drug to which they’re allergic. There are financial consequences as well. Victims often face credit problems after thieves ring up unpaid bills in their name, which can damage their credit ratings.

Look for warning signs

Medical identity thieves carefully conceal their actions, but there are warning signs that can alert you to a possible problem. For example, you may get a communication from your insurer or a bill from a physician that refers to an unfamiliar medical visit or service. You may also receive notices demanding payments for medical bills in your name. If any of these occur, contact the insurance company or physician immediately to find out more information. The World Privacy Forum also recommends that you ask your insurer for a listing of benefits paid in your name and request a copy of your current medical files from all your insurers.

A personal health record

It’s a good idea to keep a personal health record that details any illnesses you have had, medical services you’ve received and medications that you take. It will help you answer questions about your health and identify potential medical ID theft when something on your records doesn’t make sense.

Do you have further concerns about potential fraud risks facing your family? Your local CPA can help. Consult him or her with any questions you have on these or other financial issues.

East Coast supermarket chain exposed 4.2 million credit and debit card numbers

• Mar 17, 2008 9:59 pm US/Eastern

Hannaford Bros Supermarkets Hit By Big Data Breach

BOSTON (WBZ) ― A security breach at an East Coast supermarket chain exposed 4.2 million credit and debit card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday.

Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique account numbers were exposed.

The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.

The company is aware of about 1,800 cases of fraud reported so far relating to the breach.

No personal data such as names, addresses or telephone numbers were divulged — just account numbers.

Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn’t contained until March 10, said Carol Eleazer, Hannaford’s vice president of marketing in Scarborough.

“We have taken aggressive steps to augment our network security capabilities,” Hannaford president and CEO Ronald C. Hodge said in a statement released Monday. “Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.”

The company urged its customers to monitor their credit and debit cards for unusual transactions and report any problems to authorities.

The U.S. Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed it’s investigating but declined to comment on the scope of the crime.

“The company did contact us, and we are investigating,” said agency spokesman Malcolm Wiley.

MasterCard, the second-biggest U.S. credit card association after Visa, issued a statement before Hannaford’s disclosure: “Because this incident is the subject of an ongoing law enforcement investigation, we cannot disclose additional details regarding the incident or otherwise comment at this time.”

Calls to Visa were not returned.

Mark Walker, an attorney for the Maine Bankers Association, said his organization sent an advisory to member banks Friday after learning of the breach. Only a few had reported suspicious activity involving the credit and debit cards they had issued customers, Walker said.

“I had expected there would be more than we’ve heard of,” Walker said. “But it’s still too early for us to tell.”

Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, criticized the delay in public notification of the source of the breach.

“Visa and MasterCard have stipulated in their contracts with retailers that they will not divulge who the source is when a data breach occurs,” Spitzer said. “We’ve been engaged in a dialogue for a couple years now about changing this rule…. Without knowing who the retailer is that caused the breach, it’s hard for banks to conduct a good investigation on behalf of their consumers. And it’s a problem for consumers as well, because if they know which retailer is responsible, they can rule themselves out for being at risk if they don’t shop at that retailer.”

Paul Stephens, of the San Diego-based consumer advocacy organization Privacy Rights Clearinghouse, said the delay in disclosure “puts consumers in a difficult position because they have no way of knowing whether their accounts may have been impacted or not.”

Eleazer defended Hannaford’s actions.

“We moved with all deliberate speed to get out to customers with information that we could have confidence in,” she said. “This is a complex undertaking.”

Consumer advocates said this crime costs $50 billion each year.  And while victims aren’t held responsible for fraudulant charges, in the end everyone pays.

“At the end of the day, as customers, we all pay for it because we get that passed on to us in the form of higher costs for consumer goods and products,” said Eric Bourassa with MASSPIRG.

Hannaford is advising customers to take the following steps:

• Customers should carefully review their financial institution and credit card statements, and immediately contact their credit card company or issuing bank with any questions or concerns about individual charges.
• Customers with questions may call Hannaford’s customer assistance line at 866-591-4580.

Like Stealing Credit From A Baby

Liz Moyer with Tatyana Shumsky 03.06.08, 6:00 PM ET

When you think about identity theft, you don’t typically think about protecting your kids. Maybe you should.

While adults in their spending years–30s and 40s–are typically the targets, a growing number of victims tracked by the Federal Trade Commission are under the age of 18–some 5% of the total. That’s up from 3% just a few years ago. More than half are under the age of 6.

Video: $45 Billion I.D. Theft In 2007

The reason is simple: It’s practically the perfect crime. All anyone needs is a Social Security number to get started opening new accounts, and parents usually apply for the number when their child is born. Usually the thief is a family member or another adult who spends time in the home, according to the Identity Theft Resource Center.

Child identity theft is especially pernicious because it can go undetected for years, unearthed only when the victim goes for a driver’s license or a student loan, only to be turned down. By then the crime trail is cold, and the thief has likely long abandoned the accounts after maxing them out.

“Consumers who have been victims of identity theft as a child will face great difficulties when attempting to establish credit later in life,” according to information on the Web site of Experian, one of the big three credit-reporting firms.

One of the problems is the lack of cross checking among the various credit reporting agencies and credit issuers about the age of the person seeking credit. So, using any birthday, a child’s stolen Social Security number can be used to take out credit, giving the thief instant credibility.

The age put down on the application becomes the official credit report age and sticks on the credit report unless a dispute is filed and proved.

“The information on the application is typically taken at face value,” writes Linda Foley, founder of the San Diego-based center. “This is a fault within our system that needs to be rectified.”

Consumer advocates also advise parents to closely monitor kids’ use of Web sites and chat rooms, which may ask for personal information on the registration screen, and to educate children about keeping personal information private. If parents start getting a lot of card solicitations in the mail in their child’s name, that is cause for alarm. As if parents didn’t have enough to worry about.

Overall, complaints about identity theft rose 5% in 2007, according to the Federal Trade Commission. The average victim wound up shouldering $691 in costs because of it, up from $554 the previous year. Federal law enforcement efforts to clamp down couldn’t keep thieves from getting away with $45 billion last year.

Man Accused of Stealing 7-Year-Old’s ID

Feb 23, 2:42 PM (ET)

CARPENTERSVILLE, Ill. (AP) – Police in a Chicago suburb say the Internal Revenue Service has told a 7-year-old boy he owes back taxes on $60,000 because someone else has been using the youngster’s identity to collect wages and unemployment benefits.

Officers in suburban Carpentersville said Friday the second-grader’s identity has been in use by someone else since 2001.

Detectives have filed a felony identity theft charge against 29-year-old Cirilo Centeno of Streamwood, Ill.

They accuse Centeno of using the boy’s personal information to collect more than $60,000 in pay and services while working three jobs. They say he also used the boy’s ID to buy a truck, pay bills and even collect unemployment benefits.

A valid SS#, name, and date of birth=$1300 street value

48 people are now indicted as part of Wednesday’s identity theft raid at the Pilgrim’s Pride in Mount Pleasant. Immigration and customs officials confirmed that they’ve been looking into the scam for over a year.

Nearly 300 people in all were arrested in the pre-dawn raids at plants in 5 states. Authorities want to make it clear that the arrests were not random, and they had proof those in custody were working under someone else’s Social Security number.

“A good set of documents that had the right Social Security number and right name could run up to $1300,” said John Chakwin, Special Agent In Charge, Immigration & Customs Enforcement. “Its cost you more money for the right Social Security number and right name and date of birth. All the documents are provided to you, including drivers license, birth certificate. And they are all counterfeit.”

ICE agents said their investigation started when the victims of these identity theft came forward after such issues as they couldn’t get credit reports, and had problems with their taxes.

Garcia said it was well known that around 80% of the workers at Pilgrim’s Pride had fake identification. He also said the plant had to have known about it.

91 Pilgrim’s Pride Workers Face Criminal Charges in Ongoing Identity Theft Probe

Mount Pleasant Plant Included in Raids

April 20, 2008

U.S. Immigration and Customs Enforcement (ICE) agents worked through the night processing the more than 300 foreign national workers arrested yesterday at Pilgrim’s Pride plants in five states who are suspected of committing identity theft and other criminal violations in order to obtain their jobs. The most arrests by a wide margin was forty-six in East Texas town of Mount Pleasant, which is the headquarters of Pilgrim’s Pride.

Of the 311 Pilgrim’s Pride employees taken into custody during the enforcement action, 91 have been charged so far with criminal violations, including false use of a Social Security number and document fraud. The workers facing criminal charges have been turned over to the custody of the U.S. Marshals Service. The remaining Pilgrim’s Pride employees are being processed for removal on administrative immigration violations.

All of the individuals arrested during yesterday’s operation were interviewed by ICE agents and health care professionals, assigned to ICE from the Department of Health and Human Services Division of Immigration Health Services, to determine if they had health, caregiver, or other humanitarian concerns, and to identify possible urgent medical needs. As a result of those interviews, 58 of the workers were processed and released on humanitarian grounds under supervision, pending future immigration proceedings.

ICE has established a toll-free number that family members can call to get information about a relative’s detention status and the removal process. The toll-free hotline number is 1-866-341-3858.

Yesterday’s enforcement action is the result of an ongoing ICE-led investigation in cooperation with the U.S. Attorneys’ Offices in the Eastern District of Texas, the Eastern District of Arkansas, the Eastern District of Tennessee, the Middle District of Florida, and the Northern District of West Virginia. Also aiding in the investigation are the Department of Labor’s Office of the Inspector General; the Social Security Administration’s Office of Inspector General; the U.S. Department of Agriculture’s Office of Inspector General; U.S. Customs and Border Protection; the U.S. Postal Service; the U.S. Marshals Service; the West Virginia State Police; and numerous other state and local agencies.

As part of the investigation, ICE conducted simultaneous enforcement actions yesterday at Pilgrim’s Pride plants in Mount Pleasant, Texas; Live Oak, Fla.; Chattanooga, Tenn.; Batesville, Ark.; and Moorefield, W.Va. More specific information about each enforcement location is included on an updated fact sheet available at www.ice.gov.

The management at the affected Pilgrim’s Pride facilities cooperated fully with the arrests. Pilgrim’s Pride Corp., headquartered in Pittsburg, Texas, is one of the largest chicken-processing companies in the United States.

ICE’s ongoing investigation determined that many Pilgrim’s Pride workers committed identity theft and other criminal violations to obtain their jobs. ICE agents have interviewed numerous individuals during the course of the probe whose identities were stolen by Pilgrim’s Pride employees. Those victims described a myriad of hardships they suffered as a result, including mistaken tax liens, denial of medical and social services benefits, and damage to their credit ratings.

Misuse of Social Security account numbers is a felony that carries a maximum penalty of five years in federal prison and a fine of up to $250,000. After completion of the criminal proceedings, defendants found to have been in the United States illegally will be returned to ICE custody and placed in deportation proceedings.

What one man is doing to fight the nation’s fastest growing crimes: Identity Theft

ROY L. WILLIAMS

Sunday April 20, 2008

News staff writer

For the past five years, Jimmy Parrish has helped companies across 20 states implement plans that help their customers and employees avoid falling victim to one of the nation’s fastest-growing crimes: identity theft.

It is a job Parrish takes personally – his identity was stolen by scam artists five years ago.

More than 162 million personal records were reported lost or stolen last year, triple the 49.7 million that went missing in 2006, Parrish said. A February report from the Federal Trade Commission ranked Alabama 17th among U.S. states in the number of identity theft complaints last year, up from 27th in 2006.

It is a crime that can create havoc for both businesses such as TJ Maxx and governmental agencies such as the U.S. Veterans Administration, both of which reported huge identity theft breaches last year.

Parrish shares why identity theft continues to rise and tells his story…

“Someone had checks made with my routing number and account number but with a fictitious address in Coosa County. They also had a fake Alabama driver’s license with my name, but someone else’s picture.

Over $3,000 in hot checks were written to Mississippi casinos, cleaning out my account. My local bank reimbursed me every dollar since they budget for that occurrence. However, they required me to spend parts of three days in their branch to meet with fraud investigators, who performed handwriting analysis until they were convinced I was not the culprit.”

“I literally was considered guilty until proven innocent, and felt like I was being treated as the criminal instead of the victim.“

“I promptly changed banks after the ordeal, which helped focus my efforts on making a difference in the area of identity theft risk management and keeping other identity theft victims from not having to experience the trials I had gone through.

A mentor from my youth in Montgomery, who later served as chief of staff for Alabama Gov. Fob James, got involved in this field in the late 1990s. I was intrigued but not convinced I could make a living in this new and upcoming niche consulting market.”

“At that time, I had started my own company specializing in religious event planning and international missions travel. After 9/11 crippled my business in 2001 and 2002, I launched full time into this field in 2003 and now have clients in over 20 states.

I show businesses how to minimize the risk and mitigate the damages when identity theft strikes a member of the business community. No business is immune, public or private, for-profit or nonprofit. A business employing one person or a business employing thousands of employees can fall victim.”

“I have clients that fit all ranges of business types. I seek to educate a business owner about the new identity theft laws requiring businesses to be taking reasonable measures to ensure sensitive and nonpublic information is not compromised, based on Federal Trade Commission guidelines.

The ID theft consulting field continues to grow. Whereas other industries are laying off employees and entering downturns, my business has never been stronger, having set income records each month in 2008 over 2007.”

Because many of the perpetrators are operating outside our country’s borders, mostly through the Internet, where our laws cannot touch these thieves. The U.S. government is trying to police business owners, whom they can control.

New ID theft laws have been passed this decade, but when thieves are caught, the sentences have been so light that incarceration, fines and penalties are not serving as much of a deterrent. Now, 38 states have either passed laws or in the process of doing so.

What should you do if victimized by identity theft?

Contact one of the three major credit bureaus to place a fraud alert on your credit report. That bureau will contact the other two signaling to credit granters that a thief may be using your identity for criminal means.

Close all accounts. Begin with credit cards and close bank accounts if your check book was stolen. File a police report. Regardless of what you experience, you will need to take action immediately to minimize the ultimate financial impact.

ICE breaks up large identity theft ring at poultry plants

Now that employers are starting to get tough on checking that employees’ social security numbers match their names, some employees that are illegally in the country are getting around that by simply making sure that their names actually do match their numbers. How do they do it? They steal (or borrow since there may be some consent involved) the identity of a legal worker.

Immigration and Customs Enforcement just conducted a sweep of five chicken plants yesterday and arrested 280 workers in one such alleged identity theft scheme. The employer, Pilgrim’s Pride, cooperated with ICE officials and no company employees were charged. If this sounds familiar, it is is similar to what happened in 2006 at the Swift meatpacking plants around the country.

I certainly don’t condone this. But I will say that as the pressure on workers mounts, you should expect to see more of this as well as more employers paying workers in cash. And a system that encourages identity theft or working under the table is bad public policy. We need immigration enforcement. But until we deal with the question of why employers and employees are willing to such risks, we’re never going to solve the problem. The reason this is happening is pretty straightforward – we lack a legal way to meet the demands of the market. A tiny percentage of workers and employers might choose to break the law even if a legal and manageable way to import workers was available. But most would not. Until we have a workable guest worker program that matches up supply and demand, we will continue to see a black market.

The New York Times is reporting on the sweeps as well.

Warning on Storage of Health Records

By STEVE LOHR

April 17, 2008

In an article in The New England Journal of Medicine, two leading researchers warn that the entry of big companies like Microsoft and Google into the field of personal health records could drastically alter the practice of clinical research and raise new challenges to the privacy of patient records.

The authors, Dr. Kenneth D. Mandl and Dr. Isaac S. Kohane, are longtime proponents of the benefits of electronic patient records to improve care and help individuals make smarter health decisions.

But their concern, stated in the article published Wednesday and in an interview, is that the medical profession and policy makers have not begun to grapple with the implications of companies like Microsoft and Google becoming the hosts for vast stores of patient information.

The arrival of these new corporate entrants, the authors write, promises to bring “a seismic change” in the control and stewardship of patient information.

Today, most patient records remain within the health system — in doctors’ offices, hospitals, clinics, health maintenance organizations and pharmacy networks. Federal regulations govern how personal information can be shared among health institutions and insurers, and the rules restrict how such information can be mined for medical research. One requirement is that researchers have no access to individual patients’ identities.

Under the current system, individuals can request their own health records, but it is often a cumbersome process because information is scattered across several institutions.

As part of a push toward greater individual control of health information, Microsoft and Google have recently begun offering Web-based personal health records. The journal article’s authors describe a new “personalized, health information economy” in which consumers tell physicians, hospitals and other providers what information to send into their personal records, stored by Microsoft or Google. It is the individual who decides with whom to share that information and under what terms.

But Microsoft and Google, the authors note, are not bound by the privacy restrictions of the Health Insurance Portability and Accountability Act, or Hipaa, the main law that regulates personal data handling and patient privacy. Hipaa, enacted in 1996, did not anticipate Web-based health records systems like the ones Microsoft and Google now offer.

The authors say that consumer control of personal data under the new, unregulated Web systems could open the door to all kinds of marketing and false advertising from parties eager for valuable patient information.

Despite their warnings, Dr. Mandl and Dr. Kohane are enthusiastic about the potential benefits of Web-based personal health records, including a patient population of better-informed, more personally responsible health consumers.

“In very short order, a few large companies could hold larger patient databases than any clinical research center anywhere,” Dr. Mandl said in an interview.

But the authors see a need for safeguards, suggesting a mixture of federal regulation — perhaps extending Hipaa to online patient record hosts — contract relationships, certification standards and consumer education programs.

“I’m a great believer in patient autonomy in general, but there is going to have to be some measure of limited paternalism,” Dr. Kohane said in an interview.

Peter Neupert, the vice president in charge of Microsoft’s health group, said that he admired the authors and that they raised some important issues. But he resisted the suggestion of extending Hipaa to newcomers like Microsoft and Google.

“Philosophically and politically, I am skeptical of the concept of paternalism,” Mr. Neupert said in an e-mail response to the article, which he was sent, and to the authors’ comments. “It never turns out to be ‘limited.”

Designing a health records system that clearly informs consumers and requires their consent for data use is the better approach, Mr. Neupert said.

“We have to earn the consumer’s trust for our brand,” he said. “So I can imagine a scenario where we have a third party verify that our system works the way we assert it does,” much as an auditor reviews a company’s financial reporting.

Dr. Mandl and Dr. Kohane are physicians and researchers at Children’s Hospital Boston, the primary pediatric teaching hospital of the Harvard Medical School.

The evolution of CyberCrime Inc.

By Doreen Carvajal

Published: April 6, 2008

PARIS: There is no storefront or corporate headquarters for Cybercrime Inc., but savvy salesmen in a murky, borderless economy are moving merchandise by shilling credit card numbers – “two for the price one.”

“Sell fresh CC,” promised one salesman who offered teaser credit card numbers for samples in New Jersey and Canada. “Visa, MasterCard, Amex. Good Prices. Many countries!!!!!”

Electronic crime is maturing, according to security experts, and with its evolution, clever criminals are adopting conventional approaches that reflect cold business sense – from supermarket-style pricing to outsourcing to specialists acting as portfolio managers, coders, launchers, miners, washers and minders of infected “zombie” computers.

“It’s a remarkable development of a whole alternative business environment that’s occurred over the last couple years,” said Richard Archdeacon, a senior director of global services for Symantec, an Internet security company with 11 research centers around the world tracking crime trends. “What’s been so astonishing is the speed with which it’s developed and the effect with which the market has grown and matured.”

In the United States alone, victims of reported Internet fraud lost $239 million in 2007, with average losses running about $2,530 per complaint recorded by a special Web-based hot line operated by the FBI and the National White Collar Crime Center, a nonprofit corporation focusing on electronic crime.

The most common frauds were fake e-mail messages and phony Web pages and the crimes were organized from the United States, England, Nigeria, Canada, Romania and Italy, according to an FBI report issued last week.

Yet despite the increasing sophistication and elusiveness of e-criminals, judges remain reluctant to order much jail time for computer crime, according to some national law enforcement officials and such major companies as Microsoft.

Part 2

A case in point is Owen Thor Walker, a self-taught computer wizard from New Zealand who, at 18 years old, pleaded guilty last week to criminal charges arising from his development of a vast international network of individual computers that he had hijacked and infected with hidden software or “malware” and remotely controlled.

In the parlance of the trade, he was a “bot herder” who offered his “robot network” for hire to a company in the Netherlands to covertly install their adware. Walker’s borderless network first surfaced in an FBI investigation of a computer attack in 2006 that caused the crash of a computer server at the University of Pennsylvania in the United States. The FBI singled out a Pennsylvania student in the attack who ultimately led investigators to Walker, nicknamed Akill.

Walker’s sentencing is scheduled for late May, but the judge on the case indicated that he would consider community detention and work release or some home detention for punishment of the teenager, who suffers from Asperger Syndrome, a mild form of autism marked by poor social skills and compulsive behavior.

“Most of the time it’s very difficult for a judge to understand what’s going on and what the risks are,” said Eric Loermans, chief inspector of a Dutch high-tech crime unit, noting though that private companies that are not satisfied can also take civil action against offenders.

Loermans was part of the Council of Europe’s cybercrime forum in Strasbourg last week to develop guidelines for closer international cooperation between law enforcement and Internet service providers. More than 200 people representing government agencies and private companies from the Europe, the United States, Africa and South America participated in the conference.

Many came from countries where the police are regrouping: like India, where officers in New Delhi are being sent for cybercrime training in e-mail tracking and digital fraud; or the Netherlands, where the government is spending €14 million, or $22 million, over the next four years on its fight against cybercrime.

The Dutch plainclothes high-tech unit now numbers about 25 people, but the police are also in the process of developing training programs for everyone on the staff down to the officer on the beat, according to Loermans.

“Years ago, we saw cybercrime as a speciality,” he said. “Now we have added cybercrime in every form of police training, so we are raising the level of the entire Dutch police force. There’s no crime anymore where there are no digital components built in.”

The aim is to keep up with an age-old game of cat-and-mouse that is accelerating, with newly emerging tools like the “fast flux” that allows cybercriminals to hide the national location of spamming and phishing Web sites, which surface for minutes on a bot computer in one country before moving within minutes to another infected bot in another country. Phishing is a method of fraudulently acquiring sensitive information, like passwords and credit card numbers, using digital communication.

The advantage of fast flux, according to experts, is that attackers can register a child-pornography site or a fake bank that is not tied to a single domain that can be tracked and shut down. The flux techniques were used in phishing frauds this year that targeted bank customers in England where criminals created fake bank sites mimicking Barclays and Halifax banks and requested personal information.

David Roberts, chief executive of the Corporate IT Forum, which represents 150 companies in Britain, said his group was pressing for a single confidential channel where corporate security chiefs could report cybercrimes. The Conservative Party in Britain has lately seized on the issue, promising a dedicated “e-crime” police unit and the creation of a new government position, a “cybercrime minister.”

As it is now, Roberts said that major companies rarely reported crimes because they wanted to protect their own reputation. And he said they might deal with it discreetly in other ways, perhaps by simply paying nuisance attackers to go away.

“Their only recourse at the moment is to quite literally go to their nearest police station and report the crime to the local police constable,” Roberts said, adding that the local police are “very good on physical criminals and household thefts and burglaries, but electronic crime is not part of their curriculum.”

The fast-flux technique, Roberts said, was a further illustration of how online crime has evolved. “They are professional, large, well organized and they are best called companies.”

Microsoft, which has its own teams of private investigators to monitor and combat cyberthreats to the company, is now taking a more “holistic” approach to confront electronic fraud by financing conferences and training programs.

“It’s just not sufficient to bring cases to police,” said Jean-Christophe Le Toquin, an Internet safety director for Microsoft in Europe, the Middle East and Africa. “It’s not sufficient to have conferences on cybercrime. What you have to do is both of these things and then offer training to judges on cybercrime so that the parliament, the police, the judges are all trained at the same time.”

Microsoft is also turning its lawyers toward another flaw in e-commerce called typosquatting by challenging individuals for trademark infringement who register domain names with misspelled versions of the Microsoft name to make money from unsuspecting computer users through pay-per-click advertisements.

Last year, according to the company, it recovered more than 2,000 names.