A collaborative initiative involving several major
industry players and US law enforcement agencies was launched this
week in an effort to deal with the growing problem of online
phishing scams.
The group, called Digital PhishNet, includes companies such as
Microsoft, AOL, VeriSign and EarthLink, as well as government
agencies such as the FBI, the US Secret Service and the US Postal
Inspection Service.
The group hopes to improve the flow of information between
industry and law enforcement agencies about phishing attacks, said
Dan Larkin, unit chief at the FBI's Internet Crime Complaint
Center.
Because phishers are able to create and dismantle phony sites
rapidly, "the key to stopping them is to identify and target them
quickly", Larkin said.
"Our industry partners have a unique perspective regarding these
schemes, and how they look early on, that we in law enforcement
don't always have," he said.
Having technology players working closely with law enforcement
agencies is a good approach to dealing with phishers, said Avivah
Litan, an Gartner analyst.
"Law enforcement is not really equipped to deal with these
cybercriminals," she said. "They don't have the technical skills or
the staff."
As a result, technology companies will have to "spoon-feed" them
with a lot of the data and the evidence needed to go after
phishers, she added.
Industry groups such as the Anti-Phishing Working Group have
reported sharp increases in phishing scams over the past year.
Between July and October alone, the number of phishing sites grew
by an average of 25% a month, with 1,142 sites reported active in
October.
According to Gartner, for the 12-month period that ended last
April, phishing attacks cost victims $1.2bn (£625m) - with US
companies bearing most of the costs.
The newly formed coalition should help industry and
law-enforcement to formulate a better response to the growing
menace, said Judy Lin, an executive vice-president at VeriSign.
Apart from sharing information with law enforcement, the group
will also investigate ways of legally "leveraging technology to
bring down sites" that are being used to launch phishing attacks,
Lin said.
Because of the cross-border nature of the problem, the FBI is
working on garnering support from law enforcement agencies in other
parts of the world, Larkin said.
Jaikumar Vijayan writes for IDG News Service