Feeds

AOL sues mystery phishers for $18m

Trawl

Securing Web Applications Made Simple and Scalable

AOL filed three civil lawsuits against several major phishing gangs on Tuesday as part of the ISP's wider fight against identity theft scams and other internet security threats.

The suits (overview) cite Virginia's anti-phishing statute, adopted in July 2005. AOL's suit also uses the Federal Lanham Act (trademark law), and the Federal Computer Fraud & Abuse Act.

The ISP is seeking damages of $18m against unnamed groups who targeted AOL and CompuServe members with fraudulent emails that attempted to trick them into handing over confidential personal information (such as AOL screen names, passwords, and credit card numbers) to bogus websites that mimicked the appearance and feel of official AOL or CompuServe websites. According to the lawsuits, these phishing fraudsters used "vast resources and creativity" to design hundreds of fake websites. AOL has kept tens of thousands of examples of phishing fraud emails transmitted by these gangs.

Curtis Lu, senior VP and deputy general counsel at AOL said: "At AOL, we are using every legal and technical means at our disposal to drive phishers from the AOL service, not only to protect our members, but to make the internet a better, safer place for all consumers. The phishers targeted in our lawsuits spoof a variety of prominent internet brands, including AOL."

According to the Anti-Phishing Working Group almost 50,000 phishing websites were created last year, with more than 7,000 appearing in December alone. AOL said it is committed to fighting spamming and phishing both legally and by using technologies such as its recently introduced certified mail programs. It said it blocks an average 1.5bn spam emails a day, approximately 80 per cent of the email traffic sent to users' in-boxes. AOL also blocks delivery of emails with web links to known phishing sites. Access to known phishing sites is also blocked for users of AOL Explorer browsers. The ISP partners with anti-phishing firms MarkMonitor, Cyveillance and Cyota in delivering providing protection against phishing attacks. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.