US Senator bids to outlaw phishing and pharming attacks

By Steve Malone

Posted on 7 Mar 2005 at 11:35

A US Senator is to introduce a bill to specifically outlaw the practice of 'phishing'. Similar to the controversial CAN-SPAM law which was signed into law at the beginning of last year the Bill, if passed, will allow for a five year jail term and a fine of up to $250,000 for anyone convicted of phishing or the related practice of 'pharming'.

Phishing is the practice of sending emails to someone purporting to represent of a company with which that person does business. The aim is to convince them to part with sensitive personal information which can be used fraudulently to gain access to bank accounts and other private services.

The Bill also seeks to outlaw 'pharming' where users are redirected to sites which look like a legitimate destination but in fact are there to capture personal information.

The practice has boomed in the past few years. The most recent anti-phishing report says that in the six months up to January this year, the monthly growth in phishing attacks rose on average by 28 per cent.

Although, on the face of it, phishing would appear to be covered by the existing fraud laws simply asking for credit card numbers or whatever is, in itself, currently not illegal. Vermont Senator Patrick Leahy is seeking to outlaw the practice. Launching the Bill Sen. Leahy said 'Some phishers and pharmers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded'

Which might be easier said than done. Often the phisers will send out tens of thousands of emails which direct unsuspecting customers to a fake web site. According to the anti-phishing report, these sites on average are only up for 5.8 days before the criminals move on.

So far the main reaction of the Internet has been to raise awareness of the dangers of phishing and to alert possible victims as soon as the attack takes place. Last month Microsoft, Visa and others launched the Phish Report Network which seeks to close down traffic to phishing sites as soon as they show themselves.