Internet companies and law-enforcement agencies said Wednesday they will work together to track down online scam artists who pose as banks and other legitimate businesses, a practice known as "phishing."
Businesses will be able to notify the FBI and other authorities instantly when they see a new phishing attack -- a necessary move when pursuing fly-by-night scam artists who close up shop quickly, participants in the Digital PhishNet project said.
"Speed is everything. Immediate action is key to not only shutting it down but to getting any information while something is still operating," said Les Seagraves, chief privacy officer of Internet service provider EarthLink Inc..
Phishing has emerged as a potent online threat over the past two years, combining "spam" e-mail with slick Web sites that trick consumers into giving out bank-account numbers, passwords and other sensitive information.
Phishing e-mails often come cloaked in the corporate logos of legitimate businesses like eBay Inc. or Citibank , bearing messages like "account update needed."
Internet users who click on a link in the message are directed to a Web site asking for their account numbers. Scam artists then resell that information to identity thieves or use it themselves.
Other members of Digital PhishNet include Microsoft Corp. , America Online Inc.., Lycos Inc., Digital River Inc.., VeriSign Inc. and Network Solutions.
Nearly 1,200 phishing sites and 7,000 unique phishing e-mail messages were reported in October to the Anti-Phishing Working Group, a consortium of banks, online retailers and other businesses formed earlier this year to fight the problem.
Phishing sites were online for an average of 6.4 days before they were taken down, the group said.
Though the phishing attacks are growing more sophisticated since they first appeared in early 2003, consumers are becoming more sophisticated as well, EarthLink's Seagraves said.
EarthLink received 20,000 phone calls from confused customers when the company was first spoofed in a phishing attack a year ago, he said.
"Now we get maybe less than 300 calls, and almost all of those are, 'Hey you have another phishing attack,"' Seagraves said.
Participating law-enforcement agencies include the FBI, the Federal Trade Commission, the U.S. Secret Service and the U.S. Postal Inspection Service.