Reeling in the phishers

Coalition is prepared to move in as soon as phishy activity surfaces

Phishers beware. IT is watching you watching them. The FBI is out to get you jailed, too.

Enterprises are banding together in an alliance dubbed Digital PhishNet to share information with one another and with the FBI about phishing schemes and breaches — the second they happen. The alliance’s formal announcement came last month.

Stirling McBride, a fraud investigator at Microsoft, advanced the effort early on. Microsoft’s security team has long been trolling the Internet for anything phishy and forwarding that information to the FBI's Internet Crime Complaint Center (IC3), as have other heavy hitters, including America Online, EarthLink, and Lycos.

PhishNet’s primary anti-phishing tool will be a shared database into which members enter information such as IP address, scam site registrant, and site host. The National Cyber Forensics and Training Alliance will analyze the data and create criminal profiles, which they will forward to law enforcers.

“Coordinated information about phishing schemes will help us focus on the most serious offenders,” says Dan Larkin, unit chief at the IC3. “Digital PhishNet facilitates critical data collection between a large number of the targets of these crimes and establishes a pipeline directly to law enforcement, in real time, before the phisher has had time to disappear.”

Timing is crucial. “We have to move as quickly as the phishers do — and they move very quickly creating phony sites, collecting credit card and other personal information, and then dismantling the site within just a couple of days,” Larkin says.

Founding members of Digital PhishNet include AOL, Digital River, EarthLink, Lycos, Microsoft, Network Solutions, VeriSign, the FBI, the Federal Trade Commission, the U.S. Secret Service, and the U.S. Postal Inspection Service.

Enterprises are invited to join by registering at

Although Digital PhishNet won’t put an end to phishing, hopefully it will do more than the skeptics expect. Phishing is an international problem, and law enforcers will have to contend with layers of bureaucracy and all the various laws governing online fraud.

Much will depend on whether companies opt to share information about scams openly, something many have been reluctant to do. Shortly after Digital PhishNet was announced, InfoWorld asked EarthLink what countries host the majority of phishing Web sites. EarthLink’s PR company provided the response: “The company does not proactively discuss where the largest number of phisher sites are hosted.”

Nonetheless, Digital PhishNet is out to prove that security by obscurity is rarely effective.