New Internet Fraud Alert Helps Rescue Stolen Account Credentials

Microsoft (News - Alert) technology is powering a new Internet Fraud Alert, which is an early reporting system to help protect consumers and businesses from online fraud.

Through a centralized alerting system powered by technology developed specifically for this program, Internet Fraud Alert will quickly inform companies about compromised credentials, allowing them to take the appropriate action to help protect their customers.

Internet Fraud Alert reports stolen account credentials discovered online - such as username and password login information for online services, or, compromised credit card numbers - to the appropriate institution responsible for that account.

The first of its kind, Internet Fraud Alert represents an important step forward in fighting online fraud, Microsoft said.

It will enable security researchers and investigators to share information with service providers, retailers, financial institutions and government entities about incidents where compromised account credentials have been discovered.

 To date, when the security community uncovers compromised credentials stemming from phishing attacks, for example, there has been no simple mechanism to warn the service provider or bank about the exposed credentials.

"Those who traffic in stolen identities often use online tools to collect, share and profit from compromised account credentials, but those of us working to combat identity theft have a few tools of our own," said Nancy Anderson, corporate vice president and deputy general counsel at Microsoft Corp. "By combining new technology and critical partnerships, Internet Fraud Alert helps alert institutions to stolen credentials so they can take action to combat fraud."

The program was unveiled today and will go into effect immediately.

Microsoft said that phishing and malicious code attacks pose a serious threat to consumer identity and account credentials. In 2009, the Anti-Phishing Working Group received more than 410,000 unique phishing e-mail reports, and recent data from the group show that the number of brands being exploited by phishers is at an all-time high.

As the technology creator and sponsor, Microsoft is donating the tool to the National Cyber-Forensics and Training Alliance, a nonprofit organization dedicated to facilitating public-private partnerships between industry, law enforcement and academia on cyber security issues.

In addition, Accuity has donated a solution to assist NCFTA with the vetting of trusted institutions for participation in the program to help ensure the integrity of the alerting process.

"At a time when scams and the criminals who run them are becoming ever more sophisticated and networked, it is imperative that the forces arrayed against them keep pace to provide consumers with the maximum protection possible," said John Breyault, vice president of the National Consumers League.

In a related matter, a single electronic crime syndicate employing advanced malware was responsible for two-thirds of all the phishing attacks detected in the second half of 2009 - and was responsible for the overall increase in phishing attacks recorded across the Internet, according to a report released last month by the Anti-Phishing Working Group.