New Phishing Law Could Net Offenders 5 Years
Democratic Senator Patrick Leahy (D-VT) introduced an anti-phishing bill that would increase punishments for convicted offenders.
The bill proposes stiff penalties including up to 5 years in prison and fines as steep as $250,000. For those who are still unsure of what exactly phishing does, Wikipedia offers a thorough description
Phishers usually work by sending out spam e-mail to large numbers of potential victims. These direct the recipient to a Web page which appears to belong to their online bank, for instance, but in fact captures their account information for the phisher’s use.
Typically, a phishing email will appear to come from a trustworthy company and contain a subject and message intended to alarm the recipient into taking action. A common approach is to tell the recipient that their account has been de-activated due to a problem and inform them that they must take action to re-activate their account.
Because of the explosion of phishing-related attacks, Senator Leahy decided to put his political power to use. According to InformationWeek.com,
The Anti-Phishing Act of 2005 will put the pressure on phishing criminals, Leahy said in a statement. “Some phishers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded…that leaves plenty of time to cover their tracks. Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.”
Leahy also took aim at the newer practice, dubbed “pharming,” that doesn’t use e-mail, but instead exploits browser vulnerabilities to redirect users to phony sites or overlays bogus account access forms atop the real Web site deal.