Microsoft's Phishing Expedition

Microsoft Corp. is trying to smoke out the identity thieves who use a scam known as "phishing" to trick people into giving away their private information over e-mail or the Web.

The company on Thursday filed 117 federal lawsuits against unnamed defendants, hoping to file subpoenas to track the high-tech swindlers.

Efforts by Microsoft and other companies to track electronic criminals harken back to the Old West, when banks hired agents to hunt down robbers, Peter Cassidy, secretary general of the Anti-Phishing Working Group, an industry association, tells the San Jose Mercury News.

The lawsuits, filed under fraud and trademark protection laws, "are very significant," he said. "It starts testing the waters in how you can pursue electronic criminals. Electronic crime is at the dawn of its era."

Cassidy's organization (www.antiphishing.org) believes as many as 150 million phishing e-mails are sent out every day. Phishing sites grew by 26 percent a month from July to February, the association estimated.

The lawsuits, filed in U.S. District Court for the Western District of Washington, accuses the "John Doe" defendants of using mass e-mail or pop-up ads to coerce consumers into revealing personal information such as bank account information, passwords or social security numbers.

The Redmond-based software company said it filed the lawsuits in hopes of uncovering some of the largest operators.

In phishing scams, the Internet-based communications often purport to be from legitimate organizations, such as banks, and use that perception of a trusted relationship to get people to reveal personal information.

Deep-pocket companies like Microsoft, which has an anti-phishing team of 65 people, can be a catalyst for tracking down cybercriminals, Susan Grant, director of the National Consumers League's National Fraud Information Center and Internet Fraud Watch program, tells the Mercury News. Microsoft's team includes paralegals, lawyers and investigators with federal law enforcement experience.

Big companies often have the resources and expertise that law enforcement agencies lack, Grant said.

"They obviously have an interest when phishers are pretending to be them," she said. "It shakes people's confidence in communicating by e-mail and doing other kinds of things online. That's why AOL, Microsoft and other companies have stepped up to the plate. These scams are hurting them."

"Lawsuits may have some impact but they won't solve the problem, especially with the phishing schemes that operate from overseas," reports CBS News Technology Consultant Larry Magid. "The best defense is consumer education."

To avoid such identity theft, experts warn that users should be wary of giving out any personal information via e-mail or pop-up ads, especially if someone contacts them unexpectedly. Users also should be wary of clicking on e-mail links, which could divert a user to a malicious site that will then steal personal information.

"It's increasingly common to get a very genuine looking piece of e-mail that appears to come from a bank, credit card company or other legitimate organization," reports Magid. "Once consumers provide confidential information its easy for criminals to steal their identity and their money and even commit crimes in their name."