Microsoft launches global antiphishing initiative

When Microsoft identifies a suspect phishing site, it notifies the ISP hosting it

Microsoft has unveiled a global initiative to crack down on cybercriminals who engage in phishing. The company will set in motion more than 100 legal actions against phishers in Europe, the Middle East and Africa (EMEA) by the end of June, according to a release.

Phishing attacks use spam to entice internet users to visit what appear to be legitimate e-commerce web sites but are in fact phony sites controlled by cybercriminals. Users are encouraged to enter personal data such as passwords and bank account or credit card details, which the criminals can then exploit to commit crimes.

Neil Holloway, president of Microsoft EMEA, introduced the company's Global Phishing Enforcement Initiative (GPEI) at a technology debate in Brussels hosted by the European Internet Services Providers Association (EuroISPA) and cosponsored by Interpol.

Three years ago, the main problem centered around spam, Holloway says. But over the last 12 months, phishing has become "the next wave of cybercrime," he says.

The aim of GPEI is to better coordinate and expand on Microsoft's previous antiphishing moves. The vendor will work alongside law enforcement agencies, different industry sectors and governments with the mission of improving consumer education, upping the number of cybercriminal prosecutions and identifying more ways to combat phishing by using technology.

Of the more than 100 planned legal actions against phishers in EMEA, 53 are already under way, including actions against alleged cybercriminals in countries including Austria, Egypt, France, Morocco, Spain, Turkey and the UK, Microsoft says.

When Microsoft identifies a suspect phishing site, it notifies the ISP (Internet Service Provider) hosting it, says Jean-Christophe Le Toquin, a Microsoft attorney who is working on the phishing cases. Microsoft will provide URLs (uniform resource locators) or email addresses affiliated with the scam to law enforcement officials, he says.

So far, prosecutions have been few, but the number of cases is growing. At least one phisher - based in the US but whose site was hosted in Austria - pleaded guilty in December, Le Touquin says.

Law enforcement officials are still adapting to cybercrime's increasing demands and the complications when it crosses international borders, says Bernhard Otupal, crime intelligence officer with Interpol in Lyon, France.

"If a country is running a huge case, it's often the last thing to think that another country might have a similar issue," Otupal says.

Interpol runs training coures for officers in areas such as botnets, where a criminal can control thousands of computers in different countries and use it to attack other computers.

Phishing attacks are growing, according to an online poll conducted by security firm Sophos in February. The survey of 600 business users determined that 22% of PC users receive at least five phishing email messages every day.

Some companies are employing measures to combat online fraud attempts. Mastercard International started a program two years ago, says Walter Hansen, vice president of security and risk services, who is based in Waterloo, Belgium.

Mastercard has a contract with NameProtect, a digital fraud protection company, to troll the internet for credit card numbers and phishing sites, Hansen says. Mastercard also contacts the ISPs associated with those sites, he says.