Representatives from a number of industries and international law enforcement agencies today announced the establishment of Digital PhishNet, a collaborative enforcement operation that unites industry leaders in technology, banking, financial services and online auctioneering with law enforcement to tackle “phishing,” a destructive and growing form of online identity theft.

Digital PhishNet establishes a single, unified line of communication between industry and law enforcement, so critical data to fight phishing can be compiled and provided to law enforcement in real time. Phishing is the particularly harmful and deceptive emerging online threat that involves directing consumers to phony Web sites, usually through forged or “spoofed” spam e-mails, to input personal financial information such as credit card numbers and passcodes. While other industry groups have focused on identifying phishing Web sites and sharing best practices and case information, Digital PhishNet is the first group of its kind to focus on aiding criminal law enforcement and assisting in apprehending and prosecuting those responsible for committing crimes against consumers through phishing.

Digital PhishNet brings together industry leaders from nine of the top 10 U.S. banks and financial services providers, four of the top five Internet service providers and five digital commerce and technology companies, and works with top federal and international law enforcement agencies.

Developing supporters of Digital PhishNet include America Online Inc., Digital River Inc., EarthLink Inc., Lycos Inc., Microsoft Corp., Network Solutions, VeriSign Inc., the Federal Bureau of Investigation (FBI), the Federal Trade Commission (FTC), the U.S. Secret Service (USSS) and the U.S. Postal Inspection Service (USPIS). More information can be found here.

“The key to stopping phishers and bringing them to justice is to identify and target them quickly,” said Dan Larkin, unit chief at the FBI’s Internet Crime Complaint Center (IC3). “Phishers create and dismantle these phony sites very, very fast, stockpiling credit card numbers, passcodes and other personal financial information over the course of just a couple of days, in order to avoid detection. Digital PhishNet is a powerful response to this type of online fraud because it facilitates critical data collection between a large number of the targets of these crimes - those who are on the front lines of the fight against phishing - and establishes a pipeline directly to law enforcement, in real time, before the phisher has had time to disappear back into the anonymity of cyberspace.”

Participants in Digital PhishNet have come together to actively and aggressively seek out phishing Web sites and identify the origins of the spam e-mails designed to deceive consumers into visiting these phony Web sites. The law enforcement supporters of Digital PhishNet have formed an alliance with federal, state and local law enforcement agencies that will use the aggregated data, along with various tools and strategies, to identify and arrest those suspected of perpetrating phishing scams.

Deceptive and insidious phishing scams require an adept and multifaceted approach by industry and law enforcement. Phishing scams usually are initiated through spam e-mail messages that direct consumers to visit a phony Web site - often an exact replica of a legitimate corporate Web site - and ask for passwords and other sensitive personal or financial information. Phishers “spoof” or falsify e-mail addresses, purporting to be associated with the legitimate organizations they are targeting, and instruct consumers to visit these sites in order to “update their account information.” In many cases, phishers also download spyware and viruses onto consumers’ computers to track their online activity or cause damage to their files and hard drives.
Comments

“Phishers are the street muggers of the digital age, using computers instead of weapons to steal financial information and identities from innocent people,” said Tatiana Platt, chief trust officer and senior vice president for Integrity Assurance for America Online. “Just like their street criminal brethren, phishers should be tracked down, arrested and locked away, and AOL is pleased to work with law enforcement agencies through Digital PhishNet to help bring them to justice. Through our ongoing work with law enforcement and the comprehensive suite of safety and security tools we provide our members, AOL will continue to take any steps necessary to help protect our members from cybercriminals and other dangers in the online world.”

“The type of sophistication we’ve seen in recent phishing scams requires an equally strong and sophisticated response,” said Dave Alampi, vice president of marketing for Digital River. “By collaborating with other industry leaders, particularly in the technology world, and incorporating a substantial law enforcement component, we believe we can more effectively raise awareness and reduce this threat for Internet users. The creation of Digital PhishNet should serve as a warning to phishers that the industry is committed to meeting this challenge head on, and that there will be consequences for their crimes.”

“Criminals are employing increasingly sophisticated tactics to defraud consumers, including phishing, online identity theft, malicious code attacks and the dissemination of spyware,” said Les Seagraves, chief privacy officer and assistant general counsel for EarthLink. “Today’s announcement puts Internet scammers and spoofers on notice: We’re coming after you with the full force of industry and federal law enforcement combined. Working in cooperation with Digital PhishNet will greatly help us in our efforts to protect consumers and bring cybercriminals to justice.”

“Lycos is proud to be associated with this organization and we will continue to work together with other Internet leaders to help alleviate this problem,” said Jaime Carney, network abuse manager for Lycos. “We are fully committed to protecting innocent people from being deceived online.”

“Phishing is a particularly deceptive and destructive online threat,” said Nancy Anderson, vice president and deputy general counsel for Microsoft. “Imposter Web sites can be extremely sophisticated and much more difficult to discern from legitimate Web sites. These phishers move very quickly, collecting as much personal financial data as they can before moving on to set up shop under another phony identity. Digital PhishNet is an aggressive and offensive attack against these cybercriminals and one that will make their lives much more difficult.”

“We believe this industry-law enforcement collaboration is the right approach to protecting consumers and their online brands from fraudulent activities,” said Champ Mitchell, chairman and CEO of Network Solutions. “It is a coordinated effort that brings together the capabilities and resources - those from technology, banking and financial services, together with law enforcement - needed to attack this growing problem.”

“The financial return and success of phishing ploys have driven hackers to move beyond initiating attacks for illicit notoriety and instead strive for significant monetary gain through these rapidly growing scams,” said Judy Lin, executive vice president for VeriSign. “As such, hackers who launch phishing attacks are formidable opponents and therefore demand a serious and concerted response from the industry. The Digital PhishNet program is just that response, bringing together required involvement from local, state and federal law enforcement with private industry to effectively combat this destructive force on electronic commerce.”