Microsoft Sues Over Phishing

Microsoft Sues Over Phishing

Microsoft has filed 117 John Doe lawsuits against Internet operators who attempted to obtain private information (phishing), such as usernames and passwords, from unsuspecting consumers. The perpetrators usually pose as Banks or other legitimate corprorations and direct recipients of their emails to fake websites that have been created to resemble the official bank or other web page. As a result the peronal details of the consumer are compromised giving full access of their bank account and other personal information to the fake website administrators.

Phishing is a high-tech twist on the all-too-common crime of identity theft, where spam or pop-up messages are used to deceive recipients into releasing personal or financial information into the hands of criminals. The FTC reports that identity theft was the No. 1 consumer complaint in 2004. And, for the first time, phishing appeared on the top Internet and telemarketing scams lists gathered by the National Consumers League in 2004.

Appearing at the National Press Club in Washington, D.C., Lydia Parnes, acting director of the FTC's Bureau of Consumer Protection, Susan Grant, director of the National Consumers League's National Fraud Information Center and Internet Fraud Watch program, and Jacqueline Beauchere and Aaron Kornblum of Microsoft urged Internet users to exercise the same caution when doing business online as they would in the physical world and called for increased consumer awareness of phishing.

Computer users can stop phishers by not responding to an e-mail or pop-up that asks for personal information, said Lydia Parnes of the FTC's Bureau of Consumer Protection. Just delete it.

Kornblum announced that Microsoft is filing 117 lawsuits against alleged phishers as part of its commitment to protecting consumers against phishing and other cybercrime. The company is filing the lawsuits today in the U.S. District Court for the Western District of Washington in Seattle against John Doe defendants.

Through today's sweep of John Doe lawsuits, Microsoft's legal team hopes to establish connections between phishing scams worldwide and uncover the largest-volume operators.

Internet users should follow these simple steps to avoid phishing scams:

- Be suspicious if someone contacts you unexpectedly and asks for your personal information. It's hard to tell whether something is legitimate by looking at an e-mail or a Web site, or talking to someone on the phone. But if you're contacted out of the blue and asked for your personal information, it's a warning sign that something is "phishy." Most legitimate companies and agencies don't operate that way.
- Don't click on a link in an e-mail message that asks for your personal information. It may take you to a phony Web site that looks just like the Web site of the real company or government agency. Following the instructions, you enter your personal information on the Web site - and into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to the company's Web site. If you don't have the telephone number, get it from the phone book, the Internet or directory assistance. Use a search engine to find the official Web site.
- If someone contacts you and says you've been a victim of fraud, verify the person's identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually they only ask if you made particular transactions; they don't request your account number or other personal information. Law enforcement agencies might also contact you if you've been the victim of fraud. To be on the safe side, ask for the person's name, the name of the agency or company, the telephone number, and the address. Then get the main number (see tip above) and call to find out if the person is legitimate.