Amazon.com, Inc., and Microsoft Corp. today announced the filing of several lawsuits against phishers and spammers who targeted consumers by spoofing Amazon.com’s domain name and perpetrating phishing scams with spoofed Amazon.com Web sites. The two Washington state-based companies have teamed up in an attempt to eliminate e-mail scams that affect Internet users worldwide including customers of both companies. The two Seattle-area neighbors have worked together to identify the architects of these schemes, and are collaborating to test possible technical solutions that would make it more difficult to deliver fraudulent and deceptive e-mail to consumers.
Amazon.com and Microsoft filed a joint federal lawsuit against a Canadian spamming operation allegedly responsible for sending millions of deceptive e-mail messages, including e-mail forgeries falsely purporting to have come from Amazon.com, Hotmail.com and other domains (a practice called “spoofing”). The suit, filed in the U.S. District Court in Seattle, alleges that Gold Disk Canada Inc., located in Kitchener, Ontario, along with co-defendants including Barry Head and his two sons, Eric and Matthew, mounted illegal and deceptive spamming campaigns that have misused Microsoft’s MSN® Hotmail® services and forged the name of Amazon.com.
Both companies have been at the forefront in the fight against two of the more insidious tactics used by online thieves to mislead and defraud consumers: spoofing and phishing. “Spoofing,” or using a forged e-mail address, is an illegal online marketing scheme that conceals a sender’s true identity and falsely identifies someone else as the sender. “Phishing” is an even more egregious tactic designed to steal credit card and other financial information from its victims. Phishers send fraudulent e-mail that is disguised to look as though it comes from a respected company. The e-mail message either asks recipients for confidential financial information or directs recipients to a Web site—designed to mimic a trusted Web site—where they are asked to input private personal data such as login information, passwords and credit card numbers.
In addition to the lawsuit filed jointly with Microsoft, Amazon.com filed another three lawsuits in King County Superior Court in Seattle against unidentified defendants allegedly involved in phishing schemes designed to defraud Amazon.com customers. Microsoft, too, filed a new and separate lawsuit against Leonid (“Leo”) Radvinsky and his Chicago-based businesses Activsoft, Inc., and Cybertania, Inc., along with several additional unidentified defendants against whom Amazon.com filed suit in August 2003. The lawsuit alleges that Radvinsky sent millions of illegal and deceptive e-mail messages to MSN Hotmail customers, including messages that were falsely labeled as coming from Amazon.com.
“The best way to stop spammers and phishers is to hit them hard in the pocketbook,” said Washington Attorney General Christine Gregoire. “I am pleased to see Microsoft and Amazon.com team up and use our laws as they were intended. They pose a powerful legal threat and will send a strong message that there will be a high cost to pay for those who flood our mail boxes with irritating, offensive and fraudulent junk mail.”
“Since August 2003, Amazon.com has received tens of thousands of e-mails from customers, alerting us to potentially fraudulent e-mail activity,” said David A. Zapolsky, vice president and associate general counsel for Amazon.com. “We are going to continue our efforts to protect customers from these schemes and will prosecute those responsible to the fullest extents of the law.”
“Today’s alliance should be yet another wake-up call for spammers and phishers that the industry is teaming up, pooling resources and sharing investigative information to put them out of business,” said Brad Smith, general counsel for Microsoft. “We are pleased to be working closely with Amazon.com to find creative and effective solutions that make it harder for spammers to continue this kind of deception.”
To help combat the problem, in August 2003 Amazon.com established an e-mail address, firstname.lastname@example.org, to which customers can send complaints about spoofed e-mail messages or e-mail thought to be sent by phishers. The text of the lawsuits announced today is available online at http://www.amazon.com/stopspoofing and is summarized in a case fact sheet below.