Microsoft files 117 phishing lawsuits

Microsoft Thursday filed 117 civil lawsuits against alleged phishers trying to scam Microsoft customers out of personal information such as credit card numbers.

The lawsuits, filed in U.S. District Court for the Western District of Washington, seek to identify large-scale scam operations and recover damages from so-called phishing operations. Phishers typically send out spam e-mail, made to look like official e-mail from a real e-commerce company, asking recipients to click on a link and update their personal information. The link takes consumers to a Web site that mimics the look of the real e-commerce company, but collects personal information for ID thieves to use.

The new phishing lawsuits -- Microsoft previously went after two other phishing schemes using lawsuits -- target unnamed defendants who sent spam e-mail and put up Web sites targeting Microsoft services such as MSN and Hotmail, Aaron Kornblum, Microsoft's Internet safety attorney, said in a Washington, D.C., press conference. Through the lawsuits, Microsoft will issue subpoenas and attempt to uncover the names of the scam artists, as well as identify support operations such as Web hosting services and mass e-mail services, he said.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Microsoft Thursday filed 117 civil lawsuits against alleged phishers trying to scam Microsoft customers out of personal information such as credit card numbers.

The lawsuits, filed in U.S. District Court for the Western District of Washington, seek to identify large-scale scam operations and recover damages from so-called phishing operations. Phishers typically send out spam e-mail, made to look like official e-mail from a real e-commerce company, asking recipients to click on a link and update their personal information. The link takes consumers to a Web site that mimics the look of the real e-commerce company, but collects personal information for ID thieves to use.

The new phishing lawsuits -- Microsoft previously went after two other phishing schemes using lawsuits -- target unnamed defendants who sent spam e-mail and put up Web sites targeting Microsoft services such as MSN and Hotmail, Aaron Kornblum, Microsoft's Internet safety attorney, said in a Washington, D.C., press conference. Through the lawsuits, Microsoft will issue subpoenas and attempt to uncover the names of the scam artists, as well as identify support operations such as Web hosting services and mass e-mail services, he said.

Microsoft is using trademark law to target the phishers, who use the company's trademarks on their e-mail messages and Web sites, Kornblum said.

Asked if Microsoft expected to identify the creators of all 117 phishing schemes, Kornblum said the company hopes to find as many as possible. In another phishing lawsuit the company filed in October 2003, it took several months to identify a suspect, but Microsoft eventually obtained a $3 million default judgment against an Iowa man.

"Will we catch all 117?" Kornblum said. "I don't know. It'll definitely be a learning experience."

Microsoft has also taken action to shut down more than 1,700 phishing operations targeting its services since January 2004, according to the company.

In addition to the phishing lawsuits, Microsoft joined with the Federal Trade Commission (FTC) and the National Consumers League to work on educating consumers about phishing attacks. The groups showed examples of phishing attacks through e-mail at the press conference, and Susan Grant, vice president and public policy director of the National Consumers League, noted that her organization has heard reports of telephone phishing schemes.

The IDG News Service is a Network World affiliate.