StopScum

Microsoft Sues: A poor start

Microsoft recently filed 117 federal lawsuits against unnamed (John Doe) defendants. This amounts to a fishing expedition so they can use other legal procedures to force third parties to disclose data. It also underscores the challenge in catching these criminals since no specific individuals and or Companies were named.

Where are the other major Internet players? Folks like Google, Yahoo, Ebay/PayPal, AOL, Amazon, and many others need to think long term, and aggregate a legal attack using the Billions of dollars they collectively have. Has the thought ever crossed their minds that a few million dollars spent on consumer education is the other tactic which must be deployed.

Where are the 60 plus brands whose image is tarnished with these Phishing attacks? Names like Visa, MasterCard, Chase and Citi sit back and do not file legal action. While a reputable organization like The Anti-Phishing Working Group is a great start it's never going to significantly reduce this problem.

Certainly, I am aware of some Toolbar solutions, hot lists, and political efforts to pass legislation which sends these criminals to jail but these proprietary solutions are more of a publicity stunt and miss the effective solution which is a coordinated legal attack by numerous companies who are working together and combine this with a collective effort to educate consumers.

Given the short sited nature of most of the major players and lack of cooperation with each other, I'm not very optimistic and will guarantee you that the incidence of Phishing will continue to increase at alarming rates.

Phishing criminals are much smarter than their enemy

As the effectiveness of fraudulent emails has decreased, the criminals have and will continue to use new techniques to lure consumers into releasing their confidential data. Consider the increasing incidence of the following:

(1) An ecommerce site which may sell plane tickets, consumer goods, insurance, or even mortgages. The "Kits" are already circulating and in some cases a nice ranking in a Search Engine and or a PPC advertisement insures a steady flow of new victims. A few of these clever criminals will even recruit Affiliates or join some of the larger CPA networks who in general lack the necessary resources and desire to properly vent listings and or merchants.

(2) Fake software updates and patches will become more prevalent. Once installed on the surfers computer, they will log keystrokes, phone home, and capture screens. Writing a virus is no longer the fad. Why bother, when a criminal can make money writing and .exe which steals data.

(3) Fraudulent "Surveys" which promise numerous prizes but require personal data is already starting to appear. Win 10K but first I want your DOB, address, bank account info to wire you the funds, and much more. Need some traffic? Just purchase a site which already has traffic and recoup your investment the first month.

(4) Fraudulent Affiliate programs which make wild payout claims and target greedy and ethically challenged Webmasters. In some cases, it's not even necessary to start your own Affiliate program. Just join a greedy and well known network engaged in the CPA space and let them bring you victims.

The final words of wisdom

We expect Phishing/Identity Theft incidents to continue to increase at an alarming rate for the next few years. Our next article will focus on tips and tricks to spot the criminals in action and hopefully provide you with the necessary steps to avoid Identity Theft.

Data Source: Phishing Activity Trends Report - February 2005