Microsoft Sues Phishers Over Identity Theft
Microsoft filed 117 lawsuits this week against unnamed defendants accusing them of identity theft, also known as phishing. Phishing is defined by the Wikipedia as the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information. Recently phishing has moved beyond fake eBay and Citibank emails to phishing on Yahoo and other Instant Messaging systems which take the users to false Yahoo pages which require their re-login information. Microsoft’s lawsuits were made under the Lanham Act, a federal trademark protection law which boasts a maximum $1 million fine per violation.
Microsoft filed the lawsuits in hopes of exposing and prosecuting some of the largest phishing scam operators. “The point is to change the economics of spamming and phishing,” said a Microsoft spokesman.”What (the lawsuits) are trying to do is make phishing economically unfeasible, basically to bankrupt these people.”
In the meantime, to avoid falling victim to phishing scam, here are some pointers from Daniel Punch of M6.NET. First and foremost, it is important to realize that no legitimate organization should be sending you a request to fill out your personal details because of some server error or for any other reason. Your bank will never send you an email with content along the lines of “We’ve lost your bank account number and password… please supply them again for our records”. You should also know that no bank is going to require your social security number, bank account number, and PIN number just to log in to your account or retrieve your password. Other sites such as Ebay, PayPal, and the like will not email you asking for these details either.
If you’re a little unsure as to whether or not an email is official, scroll down a bit until you find the link that they are requesting you to click and simply hold your mouse pointer over the link text without clicking. Now take a look at the bottom left-hand corner of your browser window. The link text is often the address that the phisher wants you to think you will be heading to but the real address will be revealed in the bottom of the browser. This address will most likely not have anything whatsoever to do with the company that the email is attempting to imitate. It could be a dodgy web site or even just a page on someone’s personal computer. If the address doesn’t appear in the bottom left-hand corner then you can right-click on the link, select ‘properties’ from the pop-up menu and then read the address listed in the information box.
Subscribe to SEJ
Get our weekly newsletter from SEJ's Founder Loren Baker about the latest news in the industry!