Tuesday, March 01, 2005

Sen. Leahy Introduces Phishing Bill

An article in the Washington Post discusses a bill aimed at the fastest-growing and most alarming form of Internet fraud.

"A senior Senate Democrat on Tuesday introduced legislation to impose tough penalties against persons convicted of launching 'phishing' scams -- a form of online fraud in which criminals use deception to trick computer users into giving up their personal and financial information. The Anti-Phishing Act of 2005, sponsored by Sen. Patrick J. Leahy (Vt.), would allow prosecutors to impose fines of up to $250,000 and jail terms of up to five years against anyone convicted of creating fake corporate Web sites and fraudulent e-mail messages designed to fleece consumers. The legislation would prevent online parodies and political speech from being prosecuted as phishing."

"The legislation comes in the midst of a substantial increase in the number of phishing attacks, as documented by security experts. More than 12,800 new and unique phishing e-mails were reported in January, a 42 percent increase over December, according to a report released last week by the Anti-Phishing Working Group (APWG), a coalition of banks and technology companies. The APWG tracked 2,560 phishing Web sites in January, a 47 percent increase from one month earlier and more than double the number of scam sites spotted in October. Estimates of consumer losses to phishing scams range from a few hundred million dollars to more than a billion dollars each year. According to experts, phishing scams often lead to identity theft and other crimes that can haunt consumers for years. Roughly three to five percent of people who receive phishing scams take the bait, the APWG said."

The Fundamental Principle of Phishing Protection:
Never, ever, log in to a site that you got to (directly or indirectly) by clicking a link in an email, no matter how legitimate the email appeared, nor how genuine the site looks. Either type in the URL by hand, or use a bookmark.


Phishing letters and sites have become alarmingly good replicas of the genuine article, and identity theft can be both expensive and damaging to your life.

Unfortunately, some normally reputable organizations continue to send out emails inviting you to click and log in. In my experience, the biggest offender is the Association for Computing Machinery (ACM)[confirmed], but I have also received such emails apparently from American Express.
