RealTime IT News

AOL Takes Phishers to Court

Using Virginia's first-in-the-nation anti-phishing law, America Online (AOL) filed three civil lawsuits today seeking $18 million in damages against unidentified phishers.

According to the John Doe lawsuits, the phishers sent official-looking e-mails to AOL members in an attempt to trick and lure them to Web sites that mimic the appearance and feel of official AOL or CompuServe Web sites.

Once its members took the bait and went to the fake sites, they were sometimes fooled into giving up personal information such as AOL screen names, passwords and credit card information. Phishers then used the information to traffic in stolen identities and to compromise credit cards and personal identities.

"Phishing scams have grown more sophisticated and more dangerous to consumers," Curtis Lu, AOL senior vice president and deputy general counsel, said in a statement.

"At AOL, we are using every legal and technical means at our disposal to drive phishers from the AOL service."

The Dulles, Va.-based AOL is the first independent service provider (ISP) to use the Virginia law, passed last summer, to go after phishers. The lawsuits also claim violations of federal trademark laws and the Federal Computer Fraud and Abuse Act.

According to the lawsuits, the targeted phishing groups used "vast resources and creativity" to design fake Web sites to mislead consumers. AOL said it has stored "tens of thousands" of examples of phishing e-mails transmitted.

"We are going to continue to play our part in protecting the sanctity and integrity of the e-mail experience of the Web, and today's actions are a part of our ongoing, successful, and comprehensive anti-spam and anti-identity theft work," Lu said.

AOL claims it catches most phishing e-mails in its efforts to block, on average, 1.5 billion spam e-mails daily. AOL also blocks at its gateway 80 percent of all incoming mail to members as spam.

AOL has also launched a program that blocks delivery of e-mails with links to known phishing sites. Links in e-mails from unknown senders are disabled by default to add another layer of protection for members.

AOL also blocks access to known phishing sites for members who use either the AOL software or the AOL Explorer browser to access the Web.