Criminals targeted Christmas Eve and shipping cutoff days for delivery by Christmas for fraudulent purchasing, a new study finds.
Seeking to block criminals who try to steal consumers’ personal information through e-mail phishing scams purportedly from legitimate retailers and ISPs, Microsoft has filed 117 civil lawsuits in federal court.
Seeking to block criminals who try to steal consumers’ personal information through e-mail phishing scams purportedly from legitimate retailers and ISPs, Microsoft Corp. has filed 117 civil lawsuits in U.S. District Court for the Western District of Washington targeting large-scale operations.
Phishing scams attempt to steal credit card account information and other data from consumers by making them think their accounts at popular, legitimate web sites will be closed unless they renew their account information. Unsuspecting consumers are lured through the e-mails to forged web sites, where they’re expected to enter their information.
Microsoft’s suits, using trademark law, cite unnamed defendants who sent spam e-mail and created forged web sites targeting users of Microsoft products including MSN.com and its Hotmail e-mail service. Microsoft said it will issue subpoenas and attempt to uncover the names of phishers as well as identify supporting operations such as web site hosting services and mass e-mail services.
In an earlier phishing lawsuit filed in October 2003, Microsoft obtained a $3 million judgment against an Iowa man after taking several months to identify him. Since January 2004, Microsoft has taken action to shut down more than 1,700 phishing operations targeting its services, the company said.
Microsoft said it is also working with the Federal Trade Commission and the National Consumers League to educate consumers about phishing attacks.
Microsoft said it expects to continue its legal fight against phishers, a battle that it says would receive critical help from a bill introduced in February by Sen. Patrick Leahy (D., VT). The Anti-Phishing Act of 2005, which prohibits anyone from creating a forged copy of a legitimate web page and phony e-mails to induce people to divulge personal information, carries penalties of up to five years in prison plus fines.