Microsoft casts phishing net for big haul

Microsoft has filed 117 'John Doe' lawsuits in the US against suspected phishers hoping to catch some of the biggest offenders.

Because there is no specific anti-phishing legislation in the US, the lawsuits were filed in the US District Court in Seattle under the Lanham Act. This is a federal trademark protection law that carries a maximum of $1 million fine per violation.

Microsoft said the accused have been trying to con people out of personal information, such as bank details passwords and social security details by using spoof MSN, Hotmail and Microsoft websites as well as mass e-mail or pop-up ads.

The software giant has worked with the US Federal Trade Commission and National Consumer Council over the growing problem of phishing attacks. It has been gathering information since October 2004 on the suspected criminals. But because the company currently has no knowledge of the identity of the phishers, the lawsuits are filed as 'John Doe' cases. "We have gone as far as we can legally go with public record and now are using the power of the courts to get more information so we can find out who these people are and where they are based.

"Many could be in the US but be basing their activities outside the way the spammers have," Aaron Kornblum, Microsoft's internet safety attorney told Computeractive.