REDMOND, Wash., Dec. 8, 2004 — Representatives from a number of industries and international law enforcement agencies today announced the establishment of Digital PhishNet, a collaborative enforcement operation that unites industry leaders in technology, banking, financial services and online auctioneering with law enforcement to tackle “phishing,” a destructive and growing form of online identity theft.
Digital PhishNet establishes a single, unified line of communication between industry and law enforcement, so critical data to fight phishing can be compiled and provided to law enforcement in real time. Phishing is the particularly harmful and deceptive emerging online threat that involves directing consumers to phony Web sites, usually through forged or “spoofed” spam e-mails, to input personal financial information such as credit card numbers and passcodes. While other industry groups have focused on identifying phishing Web sites and sharing best practices and case information, Digital PhishNet is the first group of its kind to focus on aiding criminal law enforcement and assisting in apprehending and prosecuting those responsible for committing crimes against consumers through phishing.
Digital PhishNet brings together industry leaders from nine of the top 10 U.S. banks and financial services providers, four of the top five Internet service providers and five digital commerce and technology companies, and works with top federal and international law enforcement agencies.
Developing supporters of Digital PhishNet include America Online Inc., Digital River Inc., EarthLink Inc., Lycos Inc., Microsoft Corp., Network Solutions, VeriSign Inc., the Federal Bureau of Investigation (FBI), the Federal Trade Commission (FTC), the U.S. Secret Service (USSS) and the U.S. Postal Inspection Service (USPIS). More information can be found at http://www.digitalphishnet.org .
“The key to stopping phishers and bringing them to justice is to identify and target them quickly,” said Dan Larkin, unit chief at the FBI’s Internet Crime Complaint Center (IC3). “Phishers create and dismantle these phony sites very, very fast, stockpiling credit card numbers, passcodes and other personal financial information over the course of just a couple of days, in order to avoid detection. Digital PhishNet is a powerful response to this type of online fraud because it facilitates critical data collection between a large number of the targets of these crimes — those who are on the front lines of the fight against phishing — and establishes a pipeline directly to law enforcement, in real time, before the phisher has had time to disappear back into the anonymity of cyberspace.”
Participants in Digital PhishNet have come together to actively and aggressively seek out phishing Web sites and identify the origins of the spam e-mails designed to deceive consumers into visiting these phony Web sites. The law enforcement supporters of Digital PhishNet have formed an alliance with federal, state and local law enforcement agencies that will use the aggregated data, along with various tools and strategies, to identify and arrest those suspected of perpetrating phishing scams.
Deceptive and insidious phishing scams require an adept and multifaceted approach by industry and law enforcement. Phishing scams usually are initiated through spam e-mail messages that direct consumers to visit a phony Web site — often an exact replica of a legitimate corporate Web site — and ask for passwords and other sensitive personal or financial information. Phishers “spoof” or falsify e-mail addresses, purporting to be associated with the legitimate organizations they are targeting, and instruct consumers to visit these sites in order to “update their account information.” In many cases, phishers also download spyware and viruses onto consumers’ computers to track their online activity or cause damage to their files and hard drives.
“Phishers are the street muggers of the digital age, using computers instead of weapons to steal financial information and identities from innocent people,” said Tatiana Platt, chief trust officer and senior vice president for Integrity Assurance for America Online. “Just like their street criminal brethren, phishers should be tracked down, arrested and locked away, and AOL is pleased to work with law enforcement agencies through Digital PhishNet to help bring them to justice. Through our ongoing work with law enforcement and the comprehensive suite of safety and security tools we provide our members, AOL will continue to take any steps necessary to help protect our members from cybercriminals and other dangers in the online world.”
“The type of sophistication we’ve seen in recent phishing scams requires an equally strong and sophisticated response,” said Dave Alampi, vice president of marketing for Digital River. “By collaborating with other industry leaders, particularly in the technology world, and incorporating a substantial law enforcement component, we believe we can more effectively raise awareness and reduce this threat for Internet users. The creation of Digital PhishNet should serve as a warning to phishers that the industry is committed to meeting this challenge head on, and that there will be consequences for their crimes.”
“Criminals are employing increasingly sophisticated tactics to defraud consumers, including phishing, online identity theft, malicious code attacks and the dissemination of spyware,” said Les Seagraves, chief privacy officer and assistant general counsel for EarthLink. “Today’s announcement puts Internet scammers and spoofers on notice: We’re coming after you with the full force of industry and federal law enforcement combined. Working in cooperation with Digital PhishNet will greatly help us in our efforts to protect consumers and bring cybercriminals to justice.”
“Lycos is proud to be associated with this organization and we will continue to work together with other Internet leaders to help alleviate this problem,” said Jaime Carney, network abuse manager for Lycos. “We are fully committed to protecting innocent people from being deceived online.”
“Phishing is a particularly deceptive and destructive online threat,” said Nancy Anderson, vice president and deputy general counsel for Microsoft. “Imposter Web sites can be extremely sophisticated and much more difficult to discern from legitimate Web sites. These phishers move very quickly, collecting as much personal financial data as they can before moving on to set up shop under another phony identity. Digital PhishNet is an aggressive and offensive attack against these cybercriminals and one that will make their lives much more difficult.”
“We believe this industry-law enforcement collaboration is the right approach to protecting consumers and their online brands from fraudulent activities,” said Champ Mitchell, chairman and CEO of Network Solutions. “It is a coordinated effort that brings together the capabilities and resources — those from technology, banking and financial services, together with law enforcement — needed to attack this growing problem.”
“The financial return and success of phishing ploys have driven hackers to move beyond initiating attacks for illicit notoriety and instead strive for significant monetary gain through these rapidly growing scams,” said Judy Lin, executive vice president for VeriSign. “As such, hackers who launch phishing attacks are formidable opponents and therefore demand a serious and concerted response from the industry. The Digital PhishNet program is just that response, bringing together required involvement from local, state and federal law enforcement with private industry to effectively combat this destructive force on electronic commerce.”
About America Online
America Online Inc. (NYSE: TWX) is a wholly owned subsidiary of Time Warner Inc. Based in Dulles, Virginia, America Online is the world’s leader in interactive services, Web brands, Internet technologies and e-commerce services.
About Digital River
Digital River Inc. (Nasdaq: DRIV), a global leader in e-commerce outsourcing, builds and manages online businesses for more than 40,000 software publishers, manufacturers, distributors and online retailers. Its multi-channel e-commerce solution, which supports both direct and indirect sales, is designed to help companies of all sizes maximize online revenues as well as reduce the costs and risks of running an e-commerce operation. The company’s comprehensive platform offers site development and hosting, order management, fraud prevention, site merchandising, advanced reporting and analytics, product fulfillment, e-marketing and multi-lingual customer service.
Founded in 1994, Digital River is headquartered in Minneapolis with offices in major U.S. and European cities. For more details about Digital River, visit the corporate Web site at http://www.digitalriver.com or call (952) 253-1234.
“EarthLink revolves around youTM.” Celebrating 10 years as a leading national Internet service provider (ISP), Atlanta-based EarthLink (Nasdaq: ELNK) has earned an award-winning reputation for outstanding customer service and its suite of online products and services. According to the J.D. Power and Associates 2004 Internet Service Provider Residential Customer Satisfaction StudySM, EarthLink is ranked highest in customer satisfaction among dial up and high-speed Internet Service Providers. Serving over 5 million subscribers, EarthLink offers what every user should expect from their Internet experience: high-quality connectivity, minimal drop-offs and ISP-generated intrusions, and customizable features. Whether it’s dial-up, high-speed, Web hosting or wireless Internet service, EarthLink provides the tools that best let individuals use and enjoy the Internet on their own terms. Learn more about EarthLink by calling (800) EARTHLINK or visiting EarthLink’s Web site at http://www.earthlink.net .
Lycos Inc. is a wholly owned subsidiary of Daum Communications Corp., the leading Internet company in Korea and a leader throughout the Asian markets. Lycos Inc. has in its portfolio a broad range of highly rated, popular specialty sites including Lycos.com, Angelfire.com, Hotbot.com, Matchmaker.com, Quote.com, Tripod.com and Wired.com. Other Lycos products include Lycos Mail and Gamesville. Lycos was acquired by Korean Daum Communications Corp. in September 2004 and has its U.S. headquarters in Waltham, Massachusetts. Daum Communications Corp. is traded on the KOSDAQ: 035720, http://www.daum.net .
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
About Network Solutions
Network Solutions, the world’s leading registrar of domain names, offers a full range of Web-related services, including domain names, Web sites and e-mail. We make it simple and affordable for customers to build and manage a Web presence through a single, experienced provider. Network Solutions manages more than 7 million domain names. Additional information about Network Solutions’ offerings is available at http://www.networksolutions.com .
VeriSign Inc. (Nasdaq: VRSN) operates intelligent infrastructure services that enable individuals and businesses to find, connect, secure and transact across today’s complex global networks. Additional news and information about the company is available at http://www.verisign.com .