Industry/Law Enforcement Alliance Casts Net for Phishers

E-commerce, financial services and ISP players have banded together to fight phishing by forming a group called Digital PhishNet. The alliance brings together industry stakeholders and the federal government’s Internet Crime Complaint Center (IC3), allowing the parties to more easily share information about phishing attacks.

Phishing (define) is said to be a growing problem, with messaging security firm Proofpoint reporting nearly 100 new phishing attacks in November alone. Phishing, along with spoofing and spam, threatens legitimate email marketing by eroding the trust between brands and their customers.

The Digital PhishNet group consists of companies including Microsoft, America Online, EarthLink, Digital River, Lycos, Network Solutions and Verisign. Nine of the top 10 U.S. banks are also said to be participating, though they decline to be named publicly.

As part of the Digital PhishNet initiative, participating companies agree to send data on phishing attacks as quickly as possible to a master database stored at the IC3. This helps law enforcement investigators build a more comprehensive picture of what phishers are doing.

“Then they’re able to parse through that data and look at it and create a sort of fingerprint or footprint and try to build cases that are industry-wide,” said Stirling McBride, chief investigator for Microsoft.

The primary emphasis of Digital PhishNet, unlike the similar Anti-Phishing Working Group, is law enforcement.

“We’re trying to leverage industry expertise to find out where these schemes are coming from or if there’s a pattern of activity that would tend to point to a specific individual,” said Dan Larkin, the FBI’s unit chief for the IC3. “Our goal is to bring impact in a broad sense, but clearly to bring prosecutions against individuals.”

Though Bank of America didn’t confirm its participation in the Digital PhishNet initiative, spokesperson Betty Riess confirmed the organization sees phishing as a serious issue and has been working to educate its customers.

“They [phishers] keep getting better. I think there are certain signs [in messages], like typographical errors, but they do keep getting better,” said Riess. “It’s certainly something we need to be aware of when we communicate and how we communicate.”

Related reading