Microsoft sues 117 phishing websites

Microsoft has filed 117 lawsuits against people who it claims created phishing websites designed to look like pages hosted by the software giant.

The suits, filed on Thursday in Seattle in the US District Court for the Western District of Washington, are being brought against operators of websites that feature trademarked logos or images used by Microsoft on its official web pages and products. The "John Doe" suits do not identify the individuals involved.

Every one of the sites named in the lawsuits, which were online some time between October 2004 and March 2005, has already been taken down, said Aaron Kornblum, internet safety enforcement attorney at Microsoft. One of the primary goals of the legal attack is tracking down the individuals responsible for creating the fraudulent sites, he said.

"Today's filings represent a significant increase in Microsoft's commitment to fighting phishers through the legal process," Kornblum said.

Before the filings, Microsoft had only brought two claims against individuals it accused of phishing scams.

The fraud schemes typically involve the distribution of email messages constructed to appear as if they come from trusted companies, such as banks or online retailers. These messages attempt to lure people to bogus websites, where the victims are asked to divulge sensitive personal information. The phishing sites targeting Microsoft frequently tried to trick people into sharing their billing information or online password data.

The company and law enforcement agencies, including the Federal Bureau of Investigation, expect to gather more detailed information on the individuals during the discovery period of the cases, which will begin over the next several weeks, attorneys for Microsoft said.

"We are now, having removed the immediate danger to internet users from these sites, taking the next step to try and determine who is responsible for setting them up and helping to bring those people to justice," Kornblum said.

The suits involve Microsoft-trademarked logos and images such as the multicoloured butterfly icon used on its MSN online network. Many of the phishing sites attempted to mimic the web page designs used in Microsoft's Hotmail web-based email service. As a result, all of the lawsuits seek civil damages under the Lanham Act, which governs trademark use in United States.

In one of the phishing suits previously filed by Microsoft, Iowa resident Jayson Harris, aged 21, was found guilty in December 2004 of violating the company's trademarks. The Seattle district court ordered him to pay Microsoft a $3m settlement. In addition, the FBI raided Harris' home in July 2004 and confiscated his computers. Criminal charges have yet to be filed against Harris, but could be forthcoming, Kornblum said.

The other case is still in the discovery stages, Kornblum said.

As part of its announcement, Microsoft joined with representatives of the US Federal Trade Commission (FTC) and the National Consumers League to warn people about the continued threat of phishing sites. The simplest way to avoid the schemes is to resist responding to emails that demand detailed personal data, they said. Most often, when criminals trick consumers into handing over their information, the details are used to commit identity fraud.

Kornblum said that partnering with the FTC and others, including law enforcement officials, will remain one of Microsoft's primary strategies in pushing phishing scams offline.

Kornblum had warnings for people involved in fraud schemes too. "In addition to winning civil settlement, we also hope to see more phishers in orange [prison] jumpsuits. [Phishers] should know, it will only be a matter of time before they are found and prosecuted," he said.

Matt Hines writes for CNET News.com