AOL filed three civil lawsuits yesterday against "several major phishing gangs". The lawsuits are the first by a major ISP to cite Virginia's anti-phishing statute, the first in the US, adopted in July 2005.

The suits also cite applicable Federal laws, including the Lanham (Trademark) Act, and the Computer Fraud & Abuse Act.

AOL is seeking total damages of $18m in the series of lawsuits which allege that the phishing gangs victimised AOL and CompuServe members through emails that attempted to drive them to bogus websites.

The three lawsuits, filed in the US Court for the Eastern District of Virginia, target "aggressive and complex identity thieves" who attempted to lure AOL members to websites that mimicked the appearance and feel of official AOL or CompuServe sites.

Once directed to the fake websites, AOL and CompuServe members were encouraged to enter their screen names, passwords, billing and other financial information.

The phishers then used this information to traffic in stolen identities, compromise credit cards and steal the personal identities of innocent internet users.

According to the lawsuits, the phishing groups used "vast resources and creativity" to intricately design hundreds of fake websites to mislead consumers. AOL has stored tens of thousands of examples of phishing emails transmitted by the gangs.

"Phishing scams have grown more sophisticated and more dangerous to consumers," said Curtis Lu, senior vice president and deputy general counsel at AOL.

"AOL is using every legal and technical means at its disposal to drive phishers from the AOL service to protect our members and to make the internet a safer place for all consumers."

The phishers targeted in the lawsuits spoofed a variety of prominent internet brands, including AOL's.