Anti-Phishing Laws

Troy Dooly's Collection

Phishing (pronounced as "fishing") is the common term for one of the most prevalent cybercrimes affecting people today. It is the act of a cybercriminal sending what looks like a legitimate e-mail. The email informs the email recipient of a security issue that was uncovered.

However, to verify that the computer is secure, the recipient needs to log into the web account in question and update the security information. At that point, the website steals the recipient's private personal login information.

History of Phishing

Phishing scams trace back to the late 1980s, when one of the most notorious hacking magazines, "2600," mentioned it. The following year, a white paper went out to Hewlett Packard users describing in detail a specific phishing scam. At that time AOL dominated the Internet, and most phishing activity was happening inside the AOL e-mail system. With the decline of AOL as the dominant player, by the start of the 21st century, phishing scams were coming from around the world.

Anti-Phishing Act of 2004

The 108th Congress was seated in its second session, when Senator Patrick Leahy introduced Senate Bill 2636, referred to as the Anti-Phishing Act of 2004. The bill's intent was to make a criminal act of any Internet activity in which the personal information of a U.S. citizen was obtained fraudulently by the use of phishing scams. The bill would have specifically amended Chapter 63, title 18 of the U.S. Code (federal law) to add a section of Internet fraud. The bill never made it out of committee.

Anti-Phishing Act of 2005

During the 109th Congress, Senator Leahy once again introduced an anti-phishing bill: Senate Bill 472, the Anti-Phishing Act of 2005. As with the previous bill, the Anti-Phishing Act of 2005 would amend Chapter 63, title 18 of the U.S. Code. Like the Anti-Phishing Act of 2004, this bill died in committee.

Chapter 63 Title 18 of the U.S. Code

The strongest law on the books is Chapter 63, title 18 of the U.S. Code. Although there is no specific mention of "anti-phishing," the code is very strong when it comes to fraud relating to obtaining unauthorised personal information. The strongest part of the law is found at Title 18, part 1, chapter 4, ยง 1028: "Fraud and related activity in connection with identification documents, authentication features, and information."

Anti-phishing Warning

Spotting phishing scams can be tricky, whether they come from e-mails or through other electronic communication. When coming from professional cybercriminal organisations, the phishing communication might look completely legitimate, especially in e-mails. The "from" field in the email looks like regular e-mails you receive from a legitimate company, such as a bank. All the "hot links" even appear as if they go directly to the company's website, when in fact, they direct you to a mirrored website created to look just like the legitimate site.

Anti-phishing Golden Rule

The best protection against phishing scams is to follow the anti-phishing golden rule. Never click on a hot link within the text of an e-mail. And, always keep your computer's security system active and current. It is also "best practice" to use some type of e-mail spam filtering. Currently, most e-mail clients have some form of filtering built in; however, professional e-mail filtering software provides an additional protection layer against phishing frauds.