Digital PhishNet launched to combat phishing scams

Computerworld - A collaborative initiative involving several major industry players and law enforcement agencies was formally launched yesterday in an effort to deal with the growing problem of online phishing scams.
The antiphishing group, called Digital PhishNet, includes companies such as Microsoft Corp., America Online Inc., VeriSign Inc. and EarthLink Inc., as well as government agencies such as the FBI, the U.S. Secret Service and the U.S. Postal Inspection Service.
The group hopes to improve the flow of information between industry and law enforcement agencies about phishing attacks, said Dan Larkin, unit chief at the FBI's Internet Crime Complaint Center.
Because phishers are able to create and dismantle phony sites rapidly, "the key to stopping them is to identify and target them quickly," Larkin said. "Our industry partners have a unique perspective regarding these schemes, and how they look early on, that we in law enforcement don't always have."
Having technology players working closely with law enforcement agencies is a good approach to dealing with phishers, said Avivah Litan, an analyst at Stamford, Conn.-based research firm Gartner Inc. "Law enforcement is not really equipped to deal with these cybercriminals," she said. "They don't have the technical skills or the staff."
As a result, technology companies will have to "spoon-feed them" with a lot of the data and the evidence needed to go after phishers, she added.
Phishing scams are designed to lure people into parting with personal information such as credit card and driver's license numbers and typically involves spoofed e-mails that appear to come from reputable companies.
Industry groups such as the Anti-Phishing Working Group have reported sharp increases in phishing scams over the past year. Between July and October alone, the number of phishing sites grew by an average of 25% a month, with 1,142 active phishing sites reported active in October. According to Gartner, for the 12-month period that ended last April, phishing attacks cost victims $1.2 billion -- with U.S. companies bearing most of the costs.
The newly formed coalition should help industry and law-enforcement formulate a better response to the growing menace, said Judy Lin, an executive vice president at Mountain View, Calif.-based VeriSign. "The goal is to create a safe place for participants to share information, including the nature of scams, the contacts that are necessary to shut down the scams, as well as techniques and best practices for combating these types of activities," she said.
Apart from sharing information with law enforcement, the group will also be investigating ways of legally "leveraging technology to bringdown sites" that are being used to launch phishing attacks, Lin said.
"The reason this alliance was formed is not just to raise awareness of the problem but to take a proactive stance in tracking [scammers] and shutting them down," said Dave Alampi, vice president of marketing at Digital River Inc., an Eden Prairie, Minn.-based company that builds and manages e-commerce sites.
Because of the cross-border nature of the problem, the FBI is working on garnering support from law enforcement agencies in other parts of the world, Larkin said. "The message here is that industry is taking the problem very seriously and is committed to working with law enforcement" to stop phishing, he said.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.