AOL has filed three civil lawsuits against major phishing "gangs", seeking $18 million from the groups, the company said on Tuesday.
AOL, using a Virginia antiphishing law adopted in July 2005, filed the lawsuits against several phishing groups in US District Court for the Eastern District of Virginia. The lawsuits also cite federal law focusing on trademark and antispam rules.
AOL filed suit against 30 unnamed phishing organisations, many of them outside the US, said Nicholas Graham, an AOL spokesman. Through the lawsuits, AOL hopes to identify the phishing operations, and the company expects the number of defendants will grow as the lawsuit moves forward, he said.
"Our intention is to bust them apart and put them out of business, which is good for AOL and good for the internet at large," he said.
The company accuses several phishing organisations of sending AOL and CompuServe members email messages attempting to trick and lure them to fake web sites intended to look like the sites of legitimate companies. The phishing scams try to fool users into giving up their personal information, such as AOL screen names, passwords and credit card information.
The scams targeted customers' personal information linked to several companies, including AOL, the company said.
The money AOL is seeking would address the effect phishing groups have had on the company, not individual AOL users. While the Virginia antiphishing law does not allow private citizens to sue phishing organisations, the monetary award would "directly" benefit AOL users because the company would use the money to fight phishing and other internet scams, Graham said.
AOL has collected tens of thousands of examples of email messages transmitted by what the company called phishing "gangs", it said. The company did not identify the "gangs" or give their locations.
Phishing scams are a serious problem, AOL said. The US Internal Revenue Service is warning of widespread phishing email scans as tax filing deadlines near. The Anti-Phishing Working Group found nearly 50,000 phishing websites created last year; more than 7,000 in December alone, the company noted.