Microsoft is helping law enforcers hunt down criminals who try to steal bank account details on the Internet and has initiated 129 lawsuits in Europe and the Middle East, the U.S. software company said.
One court case in Turkey has already led to a 2.5-year prison sentence for a so-called "phisher", and another four cases against teenagers have been settled out of court, Microsoft said on Wednesday, eight months after it announced the launch of a Global Phishing Enforcement Initiative in March.
"Sometimes we initiate our own legal action, but more importantly we work with law enforcement agencies," said Nancy Anderson, deputy general counsel at the software company.
Of the 129 lawsuits that have been initiated, 97 are criminal procedures in which Microsoft and other technology companies have provided information.
The announcement was made at a European Union conference on identity theft in Brussels.
Phishing has mushroomed over the last few years, with the number of attempts to trick citizens into handing over their bank account details almost doubling in the first half of 2006 to 157,000, according to a recent report from security software vendor Symantec.
The total amount of damages from phishing is expected to be $2.8 billion in 2006 alone, research group Gartner estimates.
Phishers send emails, in which they pretend to be a financial institution or other legitimate organization, asking people to verify personal information such as account numbers and passwords.
While criminal complaints are aimed at what Microsoft believes to be real criminals, the civil lawsuits are aimed mainly at young people without criminal intent. For them, settlements of 1,000 to 2,000 euros ($1,290-$2,570) are deemed to be enough of a deterrent, Microsoft said.
Microsoft can initiate civil lawsuits even when it is not the target of identity theft, because legal systems in many countries allow anyone suffering from attacks to claim damages.
The U.S. company has an investigative team at its headquarters in Redmond, Washington, which uses Web-crawling software and customer complaints to find out where attacks are taking place. Old-fashioned investigative techniques are then used to discover the identity of the phishers.
Before legal action was taken, 253 cases were investigated. Most of the investigations and 50 of the criminal complaints were filed in Turkey. Germany was second with 28 criminal complaints and France third with 11.
Britain led the civil orders with 18 out of a total 32.
Cases were also filed in Dubai, Italy, Morocco and the Netherlands.