Striper Talk Striped Bass Fishing, Surfcasting, Boating

Today's focus: Microsoft sues phishers

By Linda Musthaler

Phishers, beware! You'd better not make your fake Web site look
too much like the real thing, or you might find yourself in
trouble for violating trademark law.

Microsoft recently filed 117 lawsuits against unnamed people
that it claims created bogus Web sites designed to look just
like authentic Microsoft sites. The purpose of these fake sites
is to trick people into providing personal information about
themselves, ostensibly for the intention of committing identity
theft. We commonly call this practice phishing.

The interesting thing about the lawsuits is that they claim
trademark violation. This is because there is still no
effective law on the books against the actual process of
phishing, or the fraudulent use of Web sites to gather private
information. There are laws against identity theft, but it's
very difficult to put the two acts together to meet the burden
of proof. In other words, it's hard to prove that a person
created a fraudulent Web site, intentionally collected personal
information via that Web site, and then used that information to
steal goods or services. State and federal legislators are
still trying to figure out the best way to tie all these
activities together to create an effective anti-phishing law.

So back to the trademark violation. Because the phishing sites
Microsoft points to in the lawsuits closely mimic actual
Microsoft sites - including trademarked logos and icons, such as
the colorful MSN butterfly - Microsoft can claim that the
operators of the sites violate the company's trademarks of those
logos. This is an easy thing to prove: either the logos are on
the mimicked sites, or they aren't. If they are there, the site
is in violation of the Lanham Act, a U.S. federal law governing
the use of trademarks.

The civil suits allow Microsoft as well as agencies such as the
FBI to investigate the origin of the bogus Web sites.
Microsoft said that all of the sites featured in the lawsuits
have already been removed from the Internet - a small victory
for both Microsoft and the targets of the phishing scheme. An
even bigger victory could come if and when Microsoft is able to
identify the perpetrators of the sites and sue them for
trademark violation.

Even though the suits are not criminal suits, they are no small
threat to the phishers. Microsoft already has one significant
victory under its belt. In December 2004, Jayson Harris was
found to be in violation of Microsoft's trademark rights, and a
Seattle district court ordered Harris to pay $3 million as a
settlement. No criminal charges have been filed against him,
but investigations continue and criminal charges could
eventually come to haunt him.

Phishing is a very serious threat to e-commerce. According to a
study conducted by the Anti-Phishing Working Group (APWG), at
least 140 brand names such as Microsoft and eBay have been
hijacked for use in online scams in the past two years.

In a separate matter of online security and identity theft, a
Bank of America customer filed suit against that company this
past February, claiming that B of A did not warn him of a
possible computer attack that could compromise his bank account.
A forensic study of the man's computer revealed that he was the
victim of a keystroke logger that most likely was placed on his
PC via a Trojan horse. The malware provided enough information
back to its source to allow the theft of $90,000 from the
victim's account.

If the customer wins this lawsuit against Bank of America, it
could shake the very foundations of e-commerce.

all THE MORE REASON TO BE READY TO WIPE YOUR SYSTEM CLEAN BY REFORMATTING YOUR HARD DRIVE WHEN YOU SUSPECT AN INTRUSION. :doh::bsod: