The FBI and consumer organizations issued a warning Mon-day about a growing fraud scheme involving e-mails that lure people to fake websites to collect sensitive personal or financial data.
The scam involves e-mails that link users to so-called "phisher" sites that are designed to look like legitimate sites and deceive consumers into revealing credit card or bank account numbers or other sensitive data.
The scam, which has developed in the past few months, has tricked customers of big retailers such as Best Buy, the Internet payment site Paypal and EarthLink, a major Internet service provider.
"This is the hottest new scam on the Internet," said Keith Lourdeau of the FBI's cybercrime division, who spoke at a news conference on the subject Monday.
Lourdeau said the FBI was investigating at least 600 complaints involving the "phisher" scam.
The FBI official added that the scam could be used for credit card fraud, bank fraud or identity theft, possibly even to create false identities for terrorist activity.
He said that in one case, the scam collected credit-card numbers that were "sent abroad to criminals who used the stolen credit cards throughout Europe."
Some reports have linked the scam to organized crime, possibly in Russia.
But at least one scheme was hatched by a 17-year-old in the US, who used stolen credit-card information for a shopping spree of several thousand dollars, said Mozelle Thompson, a member of the US Federal Trade Commission.
Thompson said the agency, which can obtain civil penalties, was working with the FBI and other agencies on investigations.
"For those of you who engage in this, we are putting you on notice," he said.
"We will hunt you down and find you and prosecute you to the fullest extend of the law," Thompson said.
EarthLink organized Monday's news conference after learning that spammers were luring its customers to a fake EarthLink Web site to collect personal data.
Although the scheme has victimized some sophisticated users, EarthLink vice president Dave Baker said legitimate companies will almost never send out e-mails like that seeking to collect sensitive data.
He said the scammers often use complicated Web address that may contain the name of the company.
But users would be advised to call the company or go to the main Web site, instead of clicking on a link from an e-mail, and logging on with a password before providing key data.
"Consumers must always be very suspicious when asked for personal information, especially when asked by companies or organizations that should already have the information," said Linda Golodner, president of the National Consumers League, which runs the Internet Fraud Watch program with the FBI.