Tech firms, FBI to fight phishing

Members of the new Digital PhishNet project include EarthLink, Microsoft and America Online, among others.

Reuters

Jan. 8, 2005 8:00 a.m. PT

2 min read

A group of Internet companies and law-enforcement agencies said Wednesday that they will work together to track down online scam artists who pose as banks and other legitimate businesses, a practice known as phishing.

Businesses will be able to notify the FBI and other authorities instantly when they see a new phishing attack--a necessary move when pursuing fly-by-night scam artists who close up shop quickly, said participants in the new project, called Digital PhishNet.



		Related story The weakest security link? It's you. Villains are more likely to get into computer systems by manipulating people, not machines, Gartner says.

"Speed is everything," said Les Seagraves, chief privacy officer of Internet service provider EarthLink, a member of the group. "Immediate action is key to not only shutting it down but to getting any information while something is still operating."

Phishing has emerged as a potent online threat over the past two years, combining spam e-mail with slick Web sites that trick consumers into giving out bank-account numbers, passwords and other sensitive information.

Phishing e-mails often come cloaked in the corporate logos of legitimate businesses like eBay and Citibank, bearing messages like "account update needed."

Internet users who click on a link in the message are directed to a Web site asking for their account numbers. Scam artists then resell that information to identity thieves or use it themselves.

Other members of Digital PhishNet include Microsoft, America Online, Lycos, Digital River, VeriSign and Network Solutions.

Nearly 1,200 phishing sites and 7,000 unique phishing e-mail messages were reported in October to the Anti-Phishing Working Group, a consortium of banks, online retailers and other businesses formed earlier this year to fight the problem.

Phishing sites were online for an average of 6.4 days before they were taken down, the group said.

Though the phishing attacks are growing more sophisticated since they first appeared in early 2003, consumers are becoming more sophisticated as well, EarthLink's Seagraves said.

EarthLink received 20,000 phone calls from confused customers when the company was first spoofed in a phishing attack a year ago, he said.

"Now we get maybe less than 300 calls, and almost all of those are, 'Hey, you have another phishing attack,'" Seagraves said.

Participating law-enforcement agencies include the FBI, the Federal Trade Commission, the U.S. Secret Service and the U.S. Postal Inspection Service.