In the latest effort by Internet companies to police fraud on the Web, Microsoft filed suit in federal court last week against 117 anonymous perpetrators of “phishing” scams, which lead recipients to hand over sensitive personal data to unauthorized users.
Aaron Kornblum, Microsoft Internet safety attorney, said at a press conference that the Redmond, WA-based software giant is suing the unnamed fraudsters on the grounds that they misused the Microsoft trademark in targeting customers of the company’s MSN connectivity and Hotmail services for their attacks.
By suing ‘John Doe’ defendants, Kornblum said, Microsoft will be able to subpoena information about the operators of the bogus Web sites and trace e-mail traffic. The company used a similar approach in an Oct. 2003 lawsuit to track down another phishing scammer targeting MSN customers. After six months and two subpoenas, the trail led to a 21-year-old Iowa man who used his grandfather’s MSN account to route phishing e-mails through four ISPs on three continents. Microsoft won a $3 million judgment against the man, and the Federal Bureau of Investigation is conducting a separate criminal probe into the case.
Kornblum said that in this effort, Microsoft hopes to unmask as many of the 117 John Doe defendants as possible but won’t insist on revealing them all or bringing them all to judgment.
“Will we catch all 117?” he said. “I don’t know. It will definitely be a learning experience.”
Kornblum said that both criminal enforcement and financial penalties are important tools in policing fraud on the Web. Just last week, Microsoft took partial credit for the bankruptcy filing by self-described “Spam King” Scott Richter. In claiming Chapter 11 protection for his online marketing company OptInRealBig, Richter said the immediate cause was a pending lawsuit by Microsoft alleging violations of anti-spam laws against its customers and asking for at least $20 million in damages.
Law enforcement officials often consider spam a potential risk factor for active phishing, because both involve the ability to hide origins, either of Web sites or e-mail communications.
A Microsoft statement said the company has played a part in shutting down more than 1700 phishing operations aimed at defrauding its customers since January. Today’s announcement of the lawsuits was part of a coordinated effort with the Federal Trade Commission and the National Consumers League to increase public awareness of the dangers of phishing.
Noting that today is April Fool’s Day, the three groups behind that coordinated campaign reminded Web users not to provide personal data in response to e-mail purporting to come from banks or credit card companies. Consumers should also be wary of clicking on Web links contained within e-mail, since phishers often use this technique to send users to bogus Web sites that “spoof” trusted providers and elicit personal data.
Network
