Law would hook Internet phishing scammers
By MARK JOHNSON
Associated Press Writer
December 18, 2005, 9:32 AM EST
ALBANY, N.Y. -- "Phishing" is a computer scam that can quickly drain entire bank accounts of unsuspecting consumers, but it victimizes bigger players, too.
Now, two New York lawmakers want to give legitimate companies whose systems and identities were illegally commandeered to perpetrate such scams the chance to strike back.
A bill introduced by state Sen. Charles Fuschillo and Assemblyman Richard Brodsky would allow private companies, nonprofit groups and the state attorney general to bring civil actions against phishing scam artists. The legislation is being supported by Microsoft Corp., AARP and the New York State Telecommunications Association, among others.
Phishing refers to e-mails that appear to come from banks or other trusted businesses and are used to induce recipients to verify their accounts by typing personal details, such as credit card or bank account information, into a Web site disguised to appear legitimate.
"Banks and internet companies whose names are being used in these scams are as much a victim as the person who's identity is stolen," said Brodsky, a Westchester Democrat. "Companies like Microsoft could very effectively on a civil basis use their muscle to police the system."
Earlier this month, a study released by America Online and the National Cyber Security Alliance found that about one in four Internet users are hit with e-mail scams every month that try to lure sensitive personal information from unsuspecting consumers.
Of those receiving the phony e-mails, most thought they might be from legitimate companies _ seven in 10 were fooled by the e-mails, said the report.
Identity theft is considered the nation's fastest-growing white-collar crime. Nationwide in 2004, 2.4 million were victims of phishing scams costing nearly $1 billion, said Fuschillo, a Long Island Republican.
In October, the Anti-Phishing Working Group, an industry association focused on fighting identity theft, received reports of 15,820 unique phishing attacks, more than double the 6,957 reports a year earlier.
"It's good to have whatever tools you need to pursue these criminals," said Peter Cassidy of the APWG. "So if you get a bunch of programmers in Michigan who decide they want to make extra money through phishing, it's nice to have a law on hand to whack them as hard as you can."
Authorities note, however, that most phishing Web sites are based overseas. The United States still tops the list with 29 percent, according to the APWG. Nearly 10 percent are based in China and South Korea plays host to more than 8 percent of them.
That poses a challenge for U.S. law enforcement to bring the scam artists to justice, Cassidy said.
The Federal Trade Commission advises against e-mailing financial and personal details. It says legitimate companies don't request those details in an e-mail.
Last March, Microsoft filed 117 federal lawsuits against unnamed defendants, accusing them of "phishing." The lawsuits were filed against "John Doe" defendants in U.S. District Court for the Western District of Washington.
The Redmond, Wash.-based software company said it filed the lawsuits in hopes of uncovering some of the largest operators.
At least 11 other states enacted anti-phishing legislation in the past year, according to the National Conference of State Legislatures. Many of those laws include civil as well as criminal penalties.
The term phishing is short for "password harvesting fishing." The idea is that scam artists toss out thousands of e-mails as bait with the hopes that some recipients will be tempted into biting.
_____
On the Net:
Anti-Phishing Working Group: http://www.antiphishing.org/
Copyright 2005 Newsday Inc.
Associated Press Writer
December 18, 2005, 9:32 AM EST
ALBANY, N.Y. -- "Phishing" is a computer scam that can quickly drain entire bank accounts of unsuspecting consumers, but it victimizes bigger players, too.
Now, two New York lawmakers want to give legitimate companies whose systems and identities were illegally commandeered to perpetrate such scams the chance to strike back.
A bill introduced by state Sen. Charles Fuschillo and Assemblyman Richard Brodsky would allow private companies, nonprofit groups and the state attorney general to bring civil actions against phishing scam artists. The legislation is being supported by Microsoft Corp., AARP and the New York State Telecommunications Association, among others.
Phishing refers to e-mails that appear to come from banks or other trusted businesses and are used to induce recipients to verify their accounts by typing personal details, such as credit card or bank account information, into a Web site disguised to appear legitimate.
"Banks and internet companies whose names are being used in these scams are as much a victim as the person who's identity is stolen," said Brodsky, a Westchester Democrat. "Companies like Microsoft could very effectively on a civil basis use their muscle to police the system."
Earlier this month, a study released by America Online and the National Cyber Security Alliance found that about one in four Internet users are hit with e-mail scams every month that try to lure sensitive personal information from unsuspecting consumers.
Of those receiving the phony e-mails, most thought they might be from legitimate companies _ seven in 10 were fooled by the e-mails, said the report.
Identity theft is considered the nation's fastest-growing white-collar crime. Nationwide in 2004, 2.4 million were victims of phishing scams costing nearly $1 billion, said Fuschillo, a Long Island Republican.
In October, the Anti-Phishing Working Group, an industry association focused on fighting identity theft, received reports of 15,820 unique phishing attacks, more than double the 6,957 reports a year earlier.
"It's good to have whatever tools you need to pursue these criminals," said Peter Cassidy of the APWG. "So if you get a bunch of programmers in Michigan who decide they want to make extra money through phishing, it's nice to have a law on hand to whack them as hard as you can."
Authorities note, however, that most phishing Web sites are based overseas. The United States still tops the list with 29 percent, according to the APWG. Nearly 10 percent are based in China and South Korea plays host to more than 8 percent of them.
That poses a challenge for U.S. law enforcement to bring the scam artists to justice, Cassidy said.
The Federal Trade Commission advises against e-mailing financial and personal details. It says legitimate companies don't request those details in an e-mail.
Last March, Microsoft filed 117 federal lawsuits against unnamed defendants, accusing them of "phishing." The lawsuits were filed against "John Doe" defendants in U.S. District Court for the Western District of Washington.
The Redmond, Wash.-based software company said it filed the lawsuits in hopes of uncovering some of the largest operators.
At least 11 other states enacted anti-phishing legislation in the past year, according to the National Conference of State Legislatures. Many of those laws include civil as well as criminal penalties.
The term phishing is short for "password harvesting fishing." The idea is that scam artists toss out thousands of e-mails as bait with the hopes that some recipients will be tempted into biting.
_____
On the Net:
Anti-Phishing Working Group: http://www.antiphishing.org/
Copyright 2005 Newsday Inc.
Comments