Microsoft, Amazon Team Against Phishers

Seattle-area neighbors Amazon and Microsoft today announced the filing of several lawsuits in connection with spoofing and phishing scams that deceive consumers and misuse Amazon’s brand name. Amazon and Microsoft filed a joint federal lawsuit against a Canadian spamming operation. Amazon filed three other “John Doe” lawsuits against unidentified defendants allegedly involved in phishing schemes designed to defraud customers. Microsoft filed another lawsuit against defendants that Amazon sued in August 2003 for allegedly spamming Hotmail customers with messages purporting to be from Amazon.

“It’s an extension of efforts that we’ve done since last year to work with other companies, and state and federal legislators, to try and regulate this kind of conduct, and bring all legal remedies against them that we can, in order to deter the individuals we sue as well as others who might consider engaging in this kind of conduct,” said David A. Zapolsky, vice president and associate general counsel for Amazon.

The lawsuits accuse the defendants of a combination of spamming, spoofing, and phishing techniques.

“What we’ve done is file a series of lawsuits that we hope will send a strong message to these online scammers. The key here is partnership across the industry. We all realize we can’t take on these online scams by ourselves, and that we need to partner with government and join forces across the industry to turn the tide on this,” said Tim Cranton, a senior attorney at Microsoft responsible for online safety enforcement.

The joint suit, filed in the U.S. District Court in Seattle, alleges that Gold Disk Canada Inc., located in Kitchener, Ontario, along with co-defendants, including Barry Head and his two sons Eric and Matthew, mounted illegal and deceptive spamming campaigns that have misused Microsoft’s MSN Hotmail services and forged the name of Amazon.

By combining resources, the two companies can share evidence and pursue additional legal strategies to build a stronger case. Microsoft can pursue the suit using the CAN-SPAM Act, since its Hotmail servers are being used for illegal purposes, and its Hotmail customers are being targeted. Amazon comes at it from a trademark infringement perspective.

“It requires a great deal of resources to investigate and track. That’s one reason why working cooperatively with companies like Microsoft helps. They have access to different information than we do, and vice versa,” Zapolsky said. “One of the statements we want to make to the spoofers and spammers who are using Amazon’s name is that we are willing to devote the resources to track them down and bring legal action against them.”

By filing the “John Doe” suits, Amazon will gain legal ground to subpoena information from email service providers and Web hosts through which the scams were perpetrated. If this process, which could take up to four months, turns up the identity of the scammers, the lawsuits will be amended with that information and then could be turned over to legal authorities for criminal prosecution within 6 to 12 months.

“We work hard to create a relationship of trust with our customers. We’re concerned that people who make it look like their emails are coming from Amazon might damage that trust. That’s something we work hard to protect, and it’s something that we don’t want damaged,” Zapolsky said. “Our idea is to make it as economically painful as possible and to make the consequences as severe as possible. We’ll seek every remedy that’s available.”

While CAN-SPAM directly addresses spoofing, and creates heightened penalties for using deceptive practices in email, there is not yet a law specifically addressing phishing. At present, these lawsuits take on phishing as a trademark-violation issue, and then will have to go one step further and prove that a phishing scam resulted in identity theft.

“You can do it, you can prove it, but it would be better if the act of phishing itself was actionable and had clear criminal penalties associated with it,” Cranton said. “It’d be great if we had very specific anti-phishing criminal laws. But we’re in a good position once we can establish what actually happened and the impact on Internet users.”
