One court case in Turkey has already led to a two-and-a-half year prison sentence for a phisher in Turkey, and another four cases against teenagers have been settled out of court, as a result of the Microsoft's.
"Sometimes we initiate our own legal action, but more importantly we work with law enforcement agencies," said Nancy Anderson, deputy general counsel at the software company.
Of the 129 lawsuits that have been initiated, 97 are criminal procedures in which Microsoft and other technology companies have provided information.
The announcement was made at a European Union conference on identity theft in Brussels.
over the last few years, with the number of attempts to trick citizens into handing over their bank or credit card account details almost doubling in the first half of 2006 to 157,000, according to a recent report from security software vendor Symantec.
The total amount of damages from phishing is expected to be $2.8 billion in 2006 alone, research group Gartner estimates.
Phishers send e-mails, in which they, asking people to verify personal information such as account numbers and passwords.
"Like most other cases of fraud, they prey on people's behavior," Anderson said.
They also scour social networking sites and personal Web sites looking for personal information.
While criminal complaints are aimed at what Microsoft believes to be real criminals, the civil lawsuits are aimed mainly at young people without criminal intent. For them, settlements of $1,290 to $2,570 are deemed to be enough of a deterrent, Microsoft said.
"It's certainly enough to make their parents very angry," a Microsoft representative said.
Microsoft can initiate civil lawsuits even when it is not the target of identity theft, because legal systems in many countries allow anyone suffering from attacks to claim damages.
"There are damages to our ability to conduct business. There are damages to our trust with the consumer," Anderson said.
The U.S. company has an investigative team at its headquarters in Redmond, Wash., which uses Web-crawling software and customer complaints to find out where attacks are taking place. Old-fashioned investigative techniques are then used to discover the identity of the phishers.
Before legal action was taken, 253 cases were investigated. Most of the investigations and 50 of the criminal complaints were filed in Turkey. Germany was second with 28 criminal complaints and France third with 11.
Britain led the civil orders with 18 out of a total 32. Cases were also filed in Dubai, Italy, Morocco and the Netherlands.