Legislation involving phishing in the United States

Ever since 1998, Federal law and state laws in almost all of the states in United States have enacted explicit criminal legislation related to identity theft, which can be applied to phishing as well. The Federal authorities can also use a range of Federal fraud offenses like wire fraud to tackle the sending of phishing e-mails and the use of illusory mail headers. Since phishing is a type of identity theft that differs greatly from other, physically-based identity theft techniques, both the government and the private sector must make sure that citizens obtain updated information about the latest phishing techniques and know how to recognize them. Phishers or identity thieves have located several ways to perpetrate their crimes without using e-mail or Web sites.

The Anti-Phishing Act of 2005 was introduced in the United States Senate on March 1, 2005 by Democratic Senator Patrick Leahy. Thereafter, Microsoft filed 117 Federal lawsuits in March, 2005 in the U.S. District Court for the Western District of Washington. These proceedings were filed since alleged that the defendants used different techniques to acquire passwords and personal information through the Internet.

In January 2004, the U.S Federal Trade Commission filed its first lawsuit against an alleged phisher. In this case, the defendant, who was in his teens and from California, supposedly created and used a Webpage designed to appear exactly like the America Online Website in order to trick people into giving him their credit card numbers.

What are the consequences of identity theft phishing?
Phishing is a type of Internet fraud that has increased tremendously. It involves two separate acts of fraud. First, the phisher steals the identity of the business which it wants to copy and afterwards, the phisher obtains the confidential information of the innocent customers who become easy targets. Cyber criminals often seek personal data from unsuspecting victims through the Internet, such as personal IDs, passwords, credit card numbers and PINs, and in turn sell this information to new criminals who utilize it for their financial gain. Further, these criminals can also access a customer’s account through online banking and set up false bill payments that send checks to the criminal or a conspirator. Sometimes, depending upon the circumstances, offenders transfer funds from available customer accounts, including credit cards, savings accounts and home equity loans into their checking account. Later, the copy of the customer’s credit card or check card is used with their PIN at ATMs anywhere around the world to withdraw cash from the customer’s checking account. Many customers of banks such as Bank of America, US Bank, Bank of Montreal and ANZ Bank of Australia have been fooled by phishing scams.

Under what circumstances are criminals penalized under the United States Code for Internet fraud?
Amendments have been made in Chapter 63 of Title 18, United States Code. Section 1351 of Title 18 provides that anyone who purposely, and with the intent to perpetrate a Federal or State crime of fraud or identity theft, creates or acquires the creation of a Website or domain name that presents itself as a legitimate online business, without any authority or sanction of the registered owner of the authentic Website or domain name of the lawful online business and makes use of such Website or domain name to induce, demand, ask, or solicit any person to transmit, offer or provide any source of recognition to the other party can be fined or imprisoned for up to five years or both.

Additionally, any person who, deliberately, with the intent to conduct any deceitful activity, wrongly promotes itself as being sent by a genuine online business and includes an Internet information location tool that refers or links users to an online location on the World Wide Web that falsely claims to be connected with such genuine online business, and thereafter persuades, requests or solicits with the e-mail recipient directly or indirectly to provide or give any source of identification to another individual or entity, can be fined or imprisoned up to five years or both.

What are the various new laws passed in the states of United States for phishing?
Phishing was included as an offense in the Computer Crimes Act of Virginia, in January, 2005. This Act provides that if a computer is used to acquire the confidential information of a person through deception, material artifice or trick, it is classified as a Class 6 felony, which is punishable by imprisonment for up to five years and a fine of up to $2,500. An identical statute was enacted by New Mexico in March, 2005 and by New York in June, 2006. Vermont has passed similar legislation providing that a person convicted of phishing or perpetrating an online scam is punishable with up to five years in prison and a $250,000 fine.

Many states, including Pennsylvania and Florida are considering enacting such bills. In the State of Washington, attempted phishing is a crime; and sending spoof e-mails and setting up fraudulent Websites are deemed to be criminal activities, although as yet, no person has become a victim according to the provisions of this Act. On the Federal level, the Anti-Phishing Act of 2005 introduced in the Senate, has proposed criminalizing Internet scams involving fraudulently obtaining personal information and combating phishing.

Additionally, California was the first state to enact stringent civil penalties for “phishing,”, when Governor Arnold Schwarzenegger signed the Anti-Phishing Act of 2005 into law. This law makes it illegal for any person to use the Internet or any other electronic means to solicit, request, or take any action to persuade another person to provide identifying information on behalf of any business without the approval of such business. Victims can seek the recovery of actual damages or up to $500,000 per violation, whichever is greater.