AOL Takes Fight Against Identity Theft To Court, Files Lawsuits Against Three Major Phishing Gangs

Business Wire, Feb 28, 2006

DULLES, Va. -- AOL Becomes First Major ISP to Use Virginia's New Anti-Phishing State Law

To help battle the rising tide of email phishing scams, devious email hoaxes, and complex identity theft on the Internet, AOL has filed three civil lawsuits against several major phishing gangs today, as part of AOL's wide-ranging efforts to protect the email safety and security of AOL's members.

The lawsuits are the first by a major ISP to cite Virginia's first-in-the-nation anti-phishing statute, adopted in July 2005. The lawsuits also cite applicable Federal laws, including the Federal Lanham Act (trademark law), and the Federal Computer Fraud & Abuse Act (antispam). AOL is seeking total damage awards of $18 million.

AOL's lawsuits allege that these phishing gangs - some believed to operate from abroad - victimized AOL and CompuServe members through emails that attempted to trick and lure them to fake Websites of legitimate online companies, for the purpose of fooling them into giving up their personal identifying information, such as AOL screen names, passwords, and credit card information.

"Phishing scams have grown more sophisticated and more dangerous to consumers," said Curtis Lu, Senior Vice President and Deputy General Counsel. "At AOL, we are using every legal and technical means at our disposal to drive phishers from the AOL service, not only to protect our members, but to make the Internet a better, safer place for all consumers. The phishers targeted in our lawsuits spoof a variety of prominent internet brands, including AOL. We are going to continue to play our part in protecting the sanctity and integrity of the email experience of the web - and today's actions are a part of our ongoing, successful, and comprehensive antispam and anti-identity theft work."

The AOL Anti-Phishing Lawsuits

The three lawsuits, filed in Alexandria, Virginia's U.S. Court for the Eastern District of Virginia, target aggressive and complex identity thieves who sent official-looking emails to AOL members in an attempt to trick and lure them to websites that mimicked the appearance and feel of official AOL or CompuServe websites. (See sample screen shots at links below.) Once directed to one of these fake websites, AOL and CompuServe members were encouraged to enter their screen names, passwords, billing and other financial information. These phishers could then use this information to traffic in stolen identities, to compromise credit cards and personal identities of innocent internet users - and then interfere with their online experience, and for some - to steal their identities and assets. According to the lawsuits, these phishing groups used vast resources and creativity to intricately design hundreds and hundreds of fake websites to mislead consumers. AOL has stored tens of thousands of examples of phish emails transmitted by these gangs.

The Serious and Ongoing Threat of Phishing

Phishing is a growing online threat as scammers adapt and refine their fraudulent efforts to trick consumers into giving up personal information. The IRS, for example, is warning of widespread phishing emails as tax filing deadlines near. The Anti-Phishing Working Group (www.apwg.org) found almost 50,000 phishing websites created last year - and more than 7,000 in December alone (see chart). A 2005 survey of personal computers by AOL and the National Cyber Security Alliance found that 1 of every 4 home computer users are hit by phishing attacks each month.

AOL: At the Forefront of Protecting Internet Users & Fighting Internet Miscreants

AOL has fought the scourge of spamming and phishing on a number of fronts - from lawsuits to advanced technology to certified mail programs. Every day, for example, AOL blocks an average 1.5 billion spam emails from reaching member inboxes, thereby catching most phishing emails. AOL also blocks 80% of all incoming email from the internet as spam at the gateway. Even with spam complaints down on the AOL service by more than 75% since its peak in late 2003, antispam filters blocked over 500 billion spam emails from reaching members in 2005, as announced in December. AOL has also launched a program that blocks delivery of emails with web links to known phishing sites. Web links in emails from unknown senders are disabled by default, to add another layer of protection for members. AOL also blocks access to known phishing sites for members who use either the AOL software or the AOL Explorer browser to access the Web. In Fall 2005, AOL announced partnerships with leading anti-phishing companies MarkMonitor and Cyveillance, and an expanded agreement with existing partner Cyota, to provide AOL members multiple layers of invisible protection against phishing attacks.

And, in October 2005, AOL and Yahoo! announced plans to implement a Goodmail Systems program known as 'CertifiedEmail' to make it even more difficult for phishers and spammers to deceive consumers into believing their emails are legitimate.

* * Editor's Note: Please find thumbnail sketches of the three lawsuits http://corp.aol.com/press/phish_summary.shtml; please find screenshots of some of the phishing attacks, scams, and hoaxes AOL is fighting against http://corp.aol.com/press/phish_screenshots.shtml; please find PDF copies of the three filed legal complaints http://corp.aol.com/press/phish_complaints.shtml; and please find a one page overview chart of AOL's antiphishing activities to date http://corp.aol.com/press/phish_overview.shtml.>