Industry Leaders Build 'PhishNet' to Stop Identify Theft
International law enforcement and numerous industry leaders have joined forces to fight the growing problem of "phishing" scams. Digital PhishNet is a collaborative enforcement program designed to forestall socially engineered attacks executed via e-mail, which steal consumers' site passwords, credit card numbers and other personally identifiable information that relates to identity theft.
The program catches phish by tracing the origins of deceptive e-mails and phony Web sites in real time, then by passing that information on to law enforcement.
The most common modus operandi for phishing schemes is to send out spam from falsified e-mail addressed linked to imposter Web sites that replicate the look and feel of legitimate businesses. It is common for the e-mails to ask consumers to "update their account information," when in reality, they are baiting users for identity theft.
Phishers have become more insidious as they grow proficient at their craft; in rare instances some have even found ways to host spoofed sites on official domains by hacking insecure Web servers. Others install spyware or viruses on their mark's machine to monitor their online activity and otherwise harm their systems.
Digital PhishNet draws together leaders in technology, banking, financial services, and online auctioneering to establish a direct line of communication with law enforcement. When industry sleuths pass on aggregated data, it is dispersed to the appropriate officials in federal, state and local agencies so that cyber criminals can be identified and ultimately apprehended.
"The key to stopping phishers and bringing them to justice is to identify and target them quickly," said Dan Larkin, unit chief at the FBI's Internet Crime Complaint Center (IC3). "Phishers create and dismantle these phony sites very, very fast, stockpiling credit card numbers, passcodes and other personal financial information over the course of just a couple of days, in order to avoid detection."
Charter members of the program include: Microsoft, America Online, Digital River, EarthLink, Lycos, Network Solutions, VeriSign, the Federal Bureau of Investigation (FBI), the Federal Trade Commission (FTC), the U.S. Secret Service (USSS), and the U.S. Postal Inspection Service (USPIS).
"Phishers are the street muggers of the digital age, using computers instead of weapons to steal financial information and identities from innocent people," said Tatiana Platt, a former US intelligence official, and senior vice president for Integrity Assurance for America Online. "Just like their street criminal brethren, phishers should be tracked down, arrested and locked away, and AOL is pleased to work with law enforcement agencies through Digital PhishNet to help bring them to justice."
More information is available on the Digital PhishNet Web site.