Internet Fraud Alert Center will help rescue Stolen Account Credentials

June 17, 2010

In a major step to slow cybercrime, Microsoft has launched a coalition that will serve as a clearinghouse for reports about caches of stolen data Relevant Products/Services stashed all across the Internet.

Microsoft and the National Cyber-Forensics and Training Alliance (NCFTA), with the support of Accuity, the American Bankers Association, Anti-Phishing Working Group, Citizens Bank, eBay Inc., Federal Trade Commission, National Consumers League and PayPal are introducing a new program to help identify potential fraudulent financial activity due to online fraud and to notify the institutions involved that their customers personal identity may be at risk of abuse.

Malicious programs crafted to swipe your financial and personal data have come to saturate the Internet, so much so that security researchers routinely ferret out computer servers used by cybercrooks to hoard stolen data. Until now, there was no specific process for reporting such discoveries.

The Internet Fraud Alert center will serve as a reporting hub. Stolen payment card numbers and online banking account logons will be routed to the issuing banks. The institutions will then decide whether to alert customers, suspend the accounts or pursue legal remedies.

Stolen Social Security numbers, birth-dates and other personal data will be archived offline by the NCFTA and made available, as needed, to law enforcement.

“This fills a big gap in the arsenal of weapons we need to fight online fraud,” says Nancy Anderson, Microsoft’s deputy general counsel.

The stakes are high. Phishing scams, just one method of cyberthievery, revolve around tricking Web users into divulging sensitive data. Last year, phishing gangs duped 1 million U.S. households into losses of some $650 million, according to Anti-Phishing Working Group, a consortium of banks, retailers, Internet host providers, tech-security companies and law enforcement agencies.

Data thieves routinely access compromised PCs they have set up as storage servers. They typically store small caches of stolen data on one server, then move on to the next, says James Brooks, product-management director at security firm Cyveillance. Stashing data in this way helps thieves stay ahead of anti-virus filters.

One such server recently discovered by Cyveillance contained 6,000 logons to active accounts in six social networks and 1,200 logons to financial accounts at nearly 30 banks. “We’ve found caches storing sensitive data for hundreds of thousands individuals,” Brooks says. “Most often it’s a few hundred to a few thousand.”

Inaugural members of the Internet Fraud Alert group include the American Bankers Association, Anti-Phishing Working Group, Citizens Bank, eBay, the Federal Trade Commission, the National Consumers League and PayPal.

The eventual participation of Google, Yahoo and Facebook could be a key to long-run success, says Dan Clements, spokesman for Affinion Security Center’s CardCops division. That’s because those tech giants each day collect mountains of Internet traffic data that could be sifted to track down the major wellsprings of criminal activity.

The program was unveiled today and will go into effect immediately.
For more information see:

Consumers interested in learning more about staying safe online and limiting the risk of identity theft can visit :