Amazon.com and Microsoft have joined forces for what they described as a “wake-up call” to spammers, filing lawsuits seeking damages from defendants they say sent millions of pieces of spam and attempted phishing and spoofing against the two companies’ customers.
The companies together sued a Canada-based alleged spamming ring they say sent e-mails designed to look like they were coming from Amazon.com or one of Microsoft’s Hotmail.com addresses.
The amount of damages being sought was not disclosed. Amazon and Microsoft also said they would work together to develop technological solutions to the problems.
Washington State Attorney General Christine Gregoire said the two companies, both based in Washington state, pose a “powerful legal threat” and that the lawsuits will send a message to would-be spammers and phishers that “there will be a high cost to pay for those who flood our mail boxes with irritating, offensive and fraudulent junk mail.”
Crossing the Border
The joint suit was filed yesterday in U.S. District Court in Seattle against Gold Disk Canada and its principals — Barry, Eric and Matthew Head — and alleges that the company misused Microsoft’s Hotmail services and forged the name of Amazon.com in thousands of e-mails.
Amazon also filed three separate lawsuits in Washington Superior Court against unidentified defendants, alleging similar charges, while Microsoft on its own filed suit against Chicago-based Activsoft and Cybertania, which Amazon hit with a lawsuit last year.
Amazon said it began to lay the groundwork for the legal action after receiving thousands of messages to a dedicated address it set up last August for Amazon customers to send suspicious messages that purported to be from the company.
In the year since, “Amazon.com has received tens of thousands of e-mails from customers, alerting us to potentially fraudulent e-mail activity,” Amazon Vice President and associate general counsel David A. Zapolsky said. “We are going to continue our resident efforts to protect customers from these schemes and will prosecute those responsible to the fullest extent of the law.”
It was not immediately clear whether any of the false e-mails were successful in obtaining personal information from unsuspecting users or if any identity theft occurred.
Microsoft general counsel Brad Smith said the moves should be yet another wake-up call for spammers and phishers that the industry is teaming up, pooling resources and sharing investigative information to put them out of business.
Both companies have attempted to use the courts in the past to stem the tide of spam and halt phishing attempts to steal personal information, but recent evidence indicates that both practices are continuing to increase.
A report by leading Internet security firm Symantec earlier this month said that attacks that target e-commerce users have risen sharply, led by phishing attempts. The Anti-Phishing Working Group reported last month that it was aware of nearly 2,000 separate phishing campaigns in July, most targeting customers of major banks and financial institutions, with such attacks growing by an average of 50 percent per month.
Some analysts see the suits as just the latest evidence that the interests of consumers and online businesses are merging into one. Where spam was once seen as a nuisance only and not one worth expending resources to address, it’s increasingly being seen as a dire threat to the continued growth of online commerce of all stripes.
“It’s now becoming more evident that spam can lead to online fraud that can severely damage customers’ confidence in any given company and in the Internet in general,” Gartner analyst Avivah Litan said. “Companies now have self-interest to get involved and protect their customers as well as themselves.”
Because phishing works — the Anti-Phishing Working Group estimates carefully designed campaigns can see a response rate as high as 5 percent — such lawsuits may not be enough to dissuade successful spammers.
Phishers usually harvest personal information that they then sell on the black market to third parties who are usually responsible for actual identity theft, Peter Cassidy, a spokesman for the Anti-Phishing Working Group, said.
With that strong financial incentive, many will continue to attempt phishing. But such lawsuits do have value, not only in scaring off some would-be spammers, but in raising public awareness. Cassidy said the best thing the industry can do to reduce the threat of phishing is cut down on spam.
“If you can slow down the volume of spam, you can slow down the number of successful hits that phishing attacks make,” he said.
Cooperation among Internet companies such as the Microsoft-Amazon alliance and an earlier agreement between Yahoo! and Microsoft to use Sender ID to identify the source of messages are, along with consumer education, possibly the best antidote available, he added.