Microsoft launches 117 antiphishing suits

Software giant goes after those who faked MSN and Hotmail sites to trick people into handing over billing info.

Matt Hines Staff Writer, CNET News.com
Matt Hines
covers business software, with a particular focus on enterprise applications.
Matt Hines
3 min read
Microsoft has filed 117 lawsuits against people who it charges created phishing Web sites designed to look like pages hosted by the software giant.

The suits, filed Thursday in Seattle in U.S. District Court for the Western District of Washington, are being brought against operators of Web sites that feature trademarked logos or images used by Microsoft on its official Web pages and products. The "John Doe" suits do not identify the individuals involved.

Every one of the sites named in the lawsuits, which were online sometime between October 2004 and March 2005, has already been taken down, said Aaron Kornblum, Internet safety enforcement attorney at Microsoft. One of the primary goals of the legal attack is tracking down the individuals responsible for creating the fraudulent sites, he said.

"Today's filings represent a significant increase in Microsoft's commitment to fighting phishers through the legal process," Kornblum said.

Before the filings, Microsoft had only brought two claims against individuals it accused of phishing scams. The fraud schemes typically involve the distribution of e-mail messages constructed to appear as if they come from trusted companies, such as banks or online retailers. These messages attempt to lure people to bogus Web sites, where the victims are asked to divulge sensitive personal information. The phishing sites targeting Microsoft frequently tried to trick people into sharing their billing information or online password data.

The company and law enforcement agencies, including the Federal Bureau of Investigation, expect to gather more detailed information on the individuals during the discovery period of the cases, which will begin over the next several weeks, attorneys for Microsoft said.

"We are now, having removed the immediate danger to Internet users from these sites, taking the next step to try and determine who is responsible for setting them up and helping to bring those people to justice," Kornblum said.

The suits involve Microsoft-trademarked logos and images such as the multicolored butterfly icon used on its MSN online network. Many of the phishing sites attempted to mimic the Web page designs used in Microsoft's Hotmail Web-based e-mail service. As a result, all of the lawsuits seek civil damages under the Lanham Act, which governs trademark use in United States.

In one of the phishing suits previously filed by Microsoft, Iowa resident Jayson Harris, 21, was found guilty in December 2004 of violating the company's trademarks. The Seattle district court ordered him to pay Microsoft a $3 million settlement. In addition, the FBI raided Harris' home in July 2004 and confiscated his computers. Criminal charges have yet to be filed against Harris, but could be forthcoming, Kornblum said.

The other case is still in the discovery stages, Kornblum said.

As part of its announcement, Microsoft joined with representatives of the U.S. Federal Trade Commission and the National Consumers League to warn people about the continued threat of phishing sites. The simplest way to avoid the schemes is to resist responding to e-mails that demand detailed personal data, they said. Most often, when criminals trick consumers into handing over their information, the details are used to commit identity fraud.

Kornblum said that partnering with the FTC and others, including law enforcement officials, will remain one of Microsoft's primary strategies in pushing phishing scams offline.

"Collaboration is key," he said. "You have government enforcement agencies that have the legal tools to bring criminal action, and then you have private industry with terrific expertise and information on what's happening on a real-time basis."

Kornblum had warnings for people involved in fraud schemes too.

"In addition to winning civil settlement, we also hope to see more phishers in orange (prison) jumpsuits," he said. "(Phishers) should know, it will only be a matter of time before they are found and prosecuted."