Amazon Targets Phishers in Lawsuits

Share this content: has filed a series of lawsuits against spammers who targeted its customers with e-mails trying to defraud them, the company said yesterday.

In three cases filed Sept. 27 in King County Superior Court in Washington, Amazon accuses up to 60 unidentified defendants of sending unsolicited e-mail that appeared to come from Amazon. The e-mails told consumers that they needed to confirm their account details due to recent activity, asking them for login and financial information on a Web page that mimicked Amazon's.

"We work really hard to gain the trust of our customers," said David Zapolsky, vice president and associate general counsel at Amazon. "When people use our name to get around spam filters or to try phishing, we're concerned that could exploit our customer trust."

Fellow Seattle-area company Microsoft helped Amazon develop the cases and joined it to pursue two additional ones. In one, filed in U.S. District Court in Seattle, the companies are suing Gold Disk Canada, alleging three Canadian men spoofed the Amazon domain to avoid spam filters at MSN and Hotmail. Yahoo sued Gold Disk and its operators, Eric, Matthew and Barry Head, in March, part of the first wave of lawsuits under the federal CAN-SPAM Act.

By teaming up, Zapolsky said, Amazon and Microsoft can pursue spammers from multiple angles, with Microsoft using legal remedies for Internet service providers and Amazon pursuing claims on trademark infringement and cyber-piracy grounds.

In another case filed in U.S. District Court in Seattle, Microsoft sued Leonid Radvinsky, alleging the sending of e-mails that spoofed Amazon's domain. Amazon already filed a lawsuit against Radvinsky that is set to go to trial in May 2005, the company said.

In August 2003, Amazon filed 11 lawsuits against individuals and companies in the United States and Canada that it alleges sent e-mail mimicking Amazon in order to defraud consumers. At the same time, the New York attorney general's office announced a settlement with on charges it spoofed Amazon's domain name in phishing attacks. Four of those cases have been settled, Zapolsky said.

According to the Anti-Phishing Working Group, a coalition of businesses fighting the problem, these frauds have grown sharply in the past year. The group reports 1,974 phishing attacks in July, with a 50 percent average monthly growth rate. The Gartner Group estimates phishing fraud cost $1.2 billion in damage in 2003.

The prevalence of phishing is a threat to a company like Amazon, which sends millions of e-mails yearly to confirm purchases and market to customers. In August 2003, Amazon set up an e-mail address for customers to send e-mails they think phishers sent. Though Amazon is not a top target for phishing scams, Zapolsky said it has received "tens of thousands" of messages to the account, some of which helped develop cases against phishers.

In one case Amazon filed, it alleges the defendants sent e-mail appearing as if it came from Amazon. The message told users their Amazon account was accessed improperly and they would need to verify their user name, password and credit card information. The e-mails linked to a Web page set up to collect the information.

The Anti-Phishing Working Group estimates that phishing attacks like this garner a 5 percent success rate. Banks, online retailers and credit card companies are the most common brands used by phishers.

"Any company that does business online that has an account-based system can be a target," said Quinn Jalli, director of privacy at Digital Impact, a San Mateo, CA, e-mail service provider.

Zapolsky said Amazon regularly reminds customers that it will not ask them for financial information in e-mails. The Amazon Web site features a guide for avoiding e-mail fraud.

Citibank, U.S. Bank and eBay, the three brands most often hijacked by phishers, have devoted sections of their Web sites to e-mail fraud, to help educate consumers. The companies also set up e-mail accounts for customers to send suspect e-mails.

Along with its efforts to track down phishers and educate consumers, Amazon has endorsed efforts to establish e-mail authentication technologies to eradicate phishing scams, which depend on forged e-mail addresses. The e-tailer supports both Microsoft's Sender ID technology and the open-source Sender Policy Framework protocol.

"People shouldn't be waiting for authentication to solve this," Jalli said. "There's a lot of damage to be done in the interim."


Next Article in Digital Marketing

Sign up to our newsletters

Company of the Week

We recently were named B2B Magazine's Direct Marketing Agency of the Year, and with good reason: We make real, measureable, positive change happen for our clients. A full-service agency founded in 1974, Bader Rutter expertly helps you get the right message to the right audience at the right time through the right channels. As we engage our clients' audiences along their journey, direct marketing (email, direct mail, phone, SMS) and behavioral marketing (SEM, retargeting, contextual) channels deliver information relevant to the needs of each stage. We are experts at implementing and leveraging marketing technologies such as CRM and marketing automation in order to synchronize sales and marketing communications. Our team of architects and activators plan, execute, measure and adjust in real time to ensure the strategy is working as needed and change things if it's not.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above