Microsoft, Amazon to combine forces
written by Gal Ori Steinitz on Wednesday, September 29, 2004
Individually they’ve been unstoppable in their respective industries. They’re both legends that have survived the dot com burst and came out winners. Now they’re using both their muscle to combat a Canadian spammer who has been using spam to perform "phishing" fraud.
First, an introduction to Phishing:
"Phishing", for the uninitiated, is a form of fraud which uses fake, but official looking e-mails to solicit information from consumers such as credit card numbers, social security numbers, or even just login information to specific sites, such as Amazon.com. Yours truly has received at least 10 phishing e-mails over the last few months, and that’s just the 1% that gets through my double spam filters. The last e-mail I received looked like it came from Citibank Smith Barney investment group. The “From”, looked legit. The e-mail itself used an official logo, and looked legit. The “click here to give us your confidential information” link looked legit. The only way you could tell its not legit was to hover your mouse cursor over the link and see where it actually leads to, which was to a site in Russia.
I obviously didn’t fall for it, but if you combine a phishing e-mail with the mass distribution of a spammer, an e-mail like this can be delivered to millions of addresses, and if even .01% of people fall for it, it was worth it. It’s the same economic formula as spam for selling commercial products, except the prize is much bigger.
Now Microsoft and Amazon are taking action, together. A lawsuit was filed on behalf of both powerhouses against "Gold Disk Canada", claiming its owner Matthew Head used Microsoft’s Hotmail free web based e-mail service to send fake e-mails deceptively showing as if they were sent from Amazon.com.
Microsoft also recently introduced the new Sender ID specification, which implements a Caller ID type system for e-mail, in an attempt to curtail the tidal waves of spam experienced by anyone with a dial up connection and an e-mail account. The idea was noble but analysts have recently announced that spammers have actually been better at conforming to the new Sender ID specification than legitimate e-mailers, and thus the whole effort has been in vain.
