Digital PhishNet launched to combat phishing scams
Major industry players and federal law enforcement agencies are involved
December 9, 2004 12:00 PM ETComputerworld -
A collaborative initiative involving several major industry players and law enforcement agencies was formally launched yesterday in an effort to deal with the growing problem of online phishing scams.
The antiphishing group, called Digital PhishNet, includes companies such as Microsoft Corp., America Online Inc., VeriSign Inc. and EarthLink Inc., as well as government agencies such as the FBI, the U.S. Secret Service and the U.S. Postal Inspection Service.
The group hopes to improve the flow of information between industry and law enforcement agencies about phishing attacks, said Dan Larkin, unit chief at the FBI's Internet Crime Complaint Center.
Because phishers are able to create and dismantle phony sites rapidly, "the key to stopping them is to identify and target them quickly," Larkin said. "Our industry partners have a unique perspective regarding these schemes, and how they look early on, that we in law enforcement don't always have."
Having technology players working closely with law enforcement agencies is a good approach to dealing with phishers, said Avivah Litan, an analyst at Stamford, Conn.-based research firm Gartner Inc. "Law enforcement is not really equipped to deal with these cybercriminals," she said. "They don't have the technical skills or the staff."
As a result, technology companies will have to "spoon-feed them" with a lot of the data and the evidence needed to go after phishers, she added.
Phishing scams are designed to lure people into parting with personal information such as credit card and driver's license numbers and typically involves spoofed e-mails that appear to come from reputable companies.
Industry groups such as the Anti-Phishing Working Group have reported sharp increases in phishing scams over the past year. Between July and October alone, the number of phishing sites grew by an average of 25% a month, with 1,142 active phishing sites reported active in October. According to Gartner, for the 12-month period that ended last April, phishing attacks cost victims $1.2 billion -- with U.S. companies bearing most of the costs.
The newly formed coalition should help industry and law-enforcement formulate a better response to the growing menace, said Judy Lin, an executive vice president at Mountain View, Calif.-based VeriSign. "The goal is to create a safe place for participants to share information, including the nature of scams, the contacts that are necessary to shut down the scams, as well as techniques and best practices for combating these types of activities," she said.
Apart from sharing information with law enforcement, the group will also be investigating ways of legally "leveraging technology to bringdown sites" that are being used to launch phishing attacks, Lin said.
"The reason this alliance was formed is not just to raise awareness of the problem but to take a proactive stance in tracking [scammers] and shutting them down," said Dave Alampi, vice president of marketing at Digital River Inc., an Eden Prairie, Minn.-based company that builds and manages e-commerce sites.
Because of the cross-border nature of the problem, the FBI is working on garnering support from law enforcement agencies in other parts of the world, Larkin said. "The message here is that industry is taking the problem very seriously and is committed to working with law enforcement" to stop phishing, he said.
Cybercrime/Hacking
Additional Resources



White Papers & Webcasts
The State of PCI DSS Compliance at Organizations Today
Download this resource today!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
