Microsoft launches internet fraud alert system

Microsoft launches internet fraud alert system

Summary: The Internet Fraud Alert service is providing a clearinghouse where security researchers can report incidents and hand over stolen credentials to financial institutions

TOPICS: Security

Microsoft has teamed up with security and consumer groups to set up a centralised service where security researchers can report incidents of internet fraud and hand over stolen personal data.

Internet Fraud Alert, which began operations immediately on its launch on Thursday, is a partnership between Microsoft and the US-based National Cyber-Forensics and Training Alliance (NCFTA). It is supported by organisations including Accuity, the Anti-Phishing Working Group (APWG), eBay, the Federal Trade Commission and PayPal, Microsoft said.

With the service, security researchers can use a centralised alert system developed by Microsoft to report stolen data — such as online account login details or credit card numbers — that they come across during their work. They can also use it to notify the financial and other institutions responsible for the compromised accounts, Microsoft said.

There was previously no centralised way of securely passing information on account compromises between security researchers and service providers, retailers, financial institutions and government bodies, according to the software maker.

"To date, when the security community uncovers compromised credentials stemming from phishing attacks, for example, there has been no simple mechanism to warn the service provider or bank about the exposed credentials," Microsoft said in a statement.

Such compromises represent a growing threat, with the APWG receiving more than 410,000 phishing email reports in 2009, the software maker noted.

Organisations expected to participate in the service include retailers, financial institutions, service providers, technology companies, academic researchers, consumer advocates and government agencies, Microsoft said. Participating organisations will be vetted by payment-routing data provider Accuity.

Internet Fraud Alert will be operated by the NCFTA, which is backed by the FBI and Carnegie Mellon University, among others.

"One of the challenges of e-crime response is the routine mobilisation of e-crime event data that must be exchanged to protect consumers," said APWG secretary general Peter Cassidy in a statement. "Microsoft and NCFTA have done an enormous service to the e-crime response community by establishing this system to better enable industrial institutions to work together to protect consumers."

In the UK, the government this year set up a national service, the Action Fraud helpline, to handle reports of all types of fraud, including cybercrime. The helpline is the first service in the UK that allows individuals and small businesses to report cybercrime to a central agency. In the past, reports of e-crime such as phishing attacks or malware-related identity theft were handled by local police stations.

UK merchants say online fraud is now the greatest threat they face, costing them on average £400,000 in annual losses, according to a survey published in January by payments processing provider CyberSource.

Microsoft has been active in fighting internet fraud in the courts, for instance filing a lawsuit in May against a website accused of a new type of fraud called "click laundering".

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Is this what is known as, "giving back to the community", since Windows is the main cause of these thefts, and loss of information?
  • So lets get this straight. Microsoft write the software that gets hacked. Hundreds of security agencies spend millions finding stolen information to then give it all to, yes you guessed it, Microsoft. Gone then are the days that hackers are pale faced tired looking nocturnals, it will be like "Christmas came early". The final nail is of course that Microsoft will hold our information under US data prptection laws which are not unsimilar to posting it on a billboard on the side of a freeway.
  • I live in Colorado, USA

    I have tried to report an internet fraud perpertrated by someone in London. I don't know where to go to report this. My nephew is disabled and had to give up his internet service. A few days ago I received an email from someone in London claiming to be my nephew. He said he was in London, had been mugged and all of his bank cards taken. He asked for a loan of $2,000 U.S., saying he would pay me back as soon as he arrived back home. I am concerned that this person is sending similar messages to everyone in my nephew's contact list. The message gave a London address for me to send a moneygram. The person was literate in English but from the way he worded the message, I felt it was not his native language. Can anyone tell me where I can report this in the UK so that this person can be found and stopped. Thanks
  • Jayce, you might find this page useful:

    I picked it out from a Google search and I can't offer any more help than that, sorry.