Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Online swindlers are busier than ever, thanks to the latest trick of the trade: phishing. By creating replicas of legitimate Web sites, they fool unsuspecting Internet users into divulging personal information such as birth dates and Social Security numbers. The phishers then use this data to set up fake credit card accounts or make fraudulent online purchases. Businesses that regularly ask customers to submit information online — such as financial institutions and Internet service providers — have seen their Web sites become especially popular targets for duplication. The Anti-Phishing Working Group, an industry association set up to combat identity fraud, reported a total of 1,707 active phishing sites in December — up 192 percent from July. According to the Cambridge, Mass.-based group, 85 percent of the fake sites targeted financial services companies. And now phishers are starting to hit other sectors like telecommunications and health care, says Shawn Eldridge, the chairman of Trusted Electronic Communications Forum, another anti-phishing group composed of companies in various industries. “Attackers are becoming far more sophisticated and agile, making it more difficult to track the offense to any one source,” Eldridge says. In-house lawyers at companies targeted by phishers say that stomping out the imitation Web sites calls for innovative tactics, quick action, and collaborative work. In general, attorneys say that they first focus on the short-term fix — getting Web hosting services to take down a bogus site — before turning to long-term solutions, such as bringing legal action against the phishers. In most phishing schemes, individuals receive an e-mail that purports to be from an established company. The message urges victims to click on a link that will supposedly take them to the business’s legitimate Web site, but instead goes to the phisher’s replica. The initial concern at a targeted company is to shut down the fake site before its customers get taken for a ride. That calls for speed, says Thomas Dailey, the general counsel of Reston, Va.-based Verizon Online. “You need to react as quickly as you can,” says Dailey. “You’re really trying to do this in hours, hopefully not days.” As companies receive reports of a new phishing site, their attorneys spring into action, locating where the site is being hosted and taking steps to get it off-line. In-house lawyers say that a phone call is usually sufficient to convince an American hosting service to pull the plug on a phisher. Foreign hosting providers aren’t always so helpful. “Certainly speed [in disabling a fake site] is the key, and that almost never happens with a foreign host,” says Les Seagraves, assistant GC at Earthlink Inc., the Atlanta-based Internet service provider. “There’s a [language] problem, or we’ve had [situations] where they just refuse, [because] they don’t know who we are and they’re not going to listen to us,” says Seagraves. In these instances, in-house attorneys have found that sending a cease-and-desist e-mail listing the various U.S. laws being violated will often work. Citigroup Inc.’s Edward Niehoff says that once a site is taken down, he asks the domain name registrar to transfer the infringing site name to his company. Niehoff, the general counsel for technology and intellectual property at New York-based Citigroup, says that he also forwards the details of each phishing incident to the U.S. Secret Service, which is mandated by federal law to investigate financial crimes such as computer fraud and identity theft. A Secret Service spokesperson says that the agency has occasionally helped shut down phishing sites, but that to date there have not been any large successful prosecutions of a phisher by law enforcement agencies. Some companies are going further on their own. In September, Amazon.com Inc. filed a trio of suits in state court in Seattle related to various phishing schemes that targeted the online retailer last summer. The suits seek injunctive relief and compensatory and punitive damages. Because Amazon doesn’t know who the culprit actually is, it filed John Doe suits and is currently pursuing third-party discovery. Earthlink sued a dozen phishers two years ago and obtained orders of permanent injunctions against all of the defendants. The company declined to provide details on the suits, citing the confidentiality of the court orders. Earthlink also filed a John Doe phishing suit last fall, which Seagraves says has enabled the company to fight phishing on an ongoing basis. The suit, brought in federal court in Atlanta, serves as a catch-all complaint to which Earthlink adds recent phishing incidents as they occur. Most importantly, it gives the company the power to subpoena Web server logs and other information that might point to the culprits. “We’d like to find out who they are, and number one, get them to stop and, two, see them in jail,” says Seagraves. “It’s kind of like spam: Once you have a couple examples, then people start to think more, and it becomes a deterrent.” Alexei Oreskovic is a reporter for Corporate Counsel , the ALM publication where this article first appeared.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.