In sharp contrast to the harmless pranks that will be played on this April Fools’ Day, deceptive phishing schemes are no laughing matter.
To strike a blow against criminals who prey on Internet users, Microsoft yesterday filed 117 lawsuits in the U.S. District Court for the Western District of Washington in Seattle against alleged John Doe phishers.
Microsoft has also partnered with the U.S. Federal Trade Commission (FTC) and the National Consumers League in urging consumers to beware of phishing schemes aimed at stealing their identities.
Phishing is a high-tech twist on the all-too-common crime of identity theft, where spam or pop-up messages are used to deceive recipients into releasing personal or financial information into the hands of criminals, most often via bogus Web sites.
The FTC reports that identity theft was the No. 1 consumer complaint in 2004. And, for the first time, phishing appeared on the top Internet and telemarketing scams lists gathered by the National Consumers League in 2004.
Retaliating Against Phishers
Microsoft previously had filed two lawsuits against phishers, but it is launching more aggressive retaliation against these online criminals.
The previous and current suits focus on illegal phishing attack Web sites that mimic Microsoft MSN or Hotmail sites, according to Microsoft’s Internet Safety Enforcement attorney Aaron Kornblum. Kornblum told the E-Commerce Times that Microsoft’s goal is to find out who is responsible for the attacks and help bring them to justice.
“Phishers are tricking consumers into giving up their personal information,” Kornblum said. “That’s an extremely dangerous online threat that we wish to stop. By filing these suits and working with the government enforcers, we are hoping to take advantage of April Fool’s Day to warn consumers not to fall prey to these attacks.”
Just Delete It
Experts urge Internet users to exercise the same caution when doing business online as they would in the physical world and called for increased consumer awareness of phishing.
“Computer users can stop phishers by not responding to an e-mail or pop-up that asks for personal information,” said Lydia Parnes of the FTC’s Bureau of Consumer Protection. “Just delete it.”
“Phishing is more than a dirty trick played on unsuspecting consumers — it’s a serious identity theft problem,” said Susan Grant, director of the National Consumers League’s National Fraud Information Center. “In little over a year it’s become one of the top scams reported to our National Fraud Information Center and Internet Fraud Watch program.”
Fraud Protection Tips
The three anti-phishing partners offer the following tips for avoiding online scams:
- Be suspicious if someone contacts you unexpectedly and asks for your personal information. It’s hard to tell whether something is legitimate by looking at an e-mail or a Web site, or talking to someone on the phone. But if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” Most legitimate companies and agencies don’t operate that way.
- Don’t click on a link in an e-mail message that asks for your personal information. It might take you to a phony Web site that looks just like the Web site of the real company or government agency. Following the instructions, you enter your personal information on the Web site — and into the hands of identity thieves.
- To check whether the message is really from the company or agency, call that organization directly or go to the company’s Web site. If you don’t have the telephone number, get it from the phone book, the Internet or directory assistance. Use a search engine to find the official Web site.
- If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before providing any personal information. Legitimate credit card issuers and other companies might contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually they only ask if you made particular transactions; they don’t request your account number or other personal information.
- Law enforcement agencies might also contact you if you’ve been the victim of fraud. To be on the safe side, ask for the person’s name, the name of the agency or company, the telephone number, and the address. Then get the main number and call to find out if the person is legitimate.