States Tell Phishers To Cut Bait Or Else - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


States Tell Phishers To Cut Bait Or Else

Virginia and New Mexico set to enforce new laws that categorize phishing as a felony.

In a move to deter phishing crimes and make them easier to prosecute, Virginia lawmakers have taken the uncommon step of categorizing the practice as a felony and in July will begin handing out punishments of up to five years in prison and $2,500 in fines. The state is also cracking down on people who sell or distribute phished information, marking those people as felons even if they didn't actually steal the information they're passing.

Virginia in January added the phishing statute to its Computer Crimes Act, defining the practice as fraudulently obtaining, recording, or accessing from a computer any number of sensitive data points, including a person's Social Security, driver's license, and bank account numbers.

Virginia isn't the only state cracking down on cybercrime through legislation. New Mexico earlier this month enacted a law that in July will make phishing a felony. That state defines phishing as the use of computers and electronic equipment to defraud or otherwise steal an individual's personal or financial identifying information and then use that information to strip the victim's assets or destroy his or her credit rating.

January was the first time Virginia lawmakers had addressed phishing, "which is a form of identity theft or out-and-out fraud, a con game over the computer," says Stewart Petoe, director of legal affairs for the Virginia State Crime Commission. The commission is a legislative entity authorized by the state to research and make recommendations on all aspects of criminal-justice and public-safety issues.

The appearance of such laws isn't surprising, considering the rise in phishing scams. There were 2,625 active phishing sites in February, growing at an average monthly rate of 26% since July, according to a recent report from the Anti-Phishing Working Group, a coalition of financial institutions, online retailers, Internet service providers, and law enforcement formed to prevent identity theft and fraud caused by phishing, pharming, and E-mail spoofing. In February, there were 13,141 new, unique phishing E-mail messages reported to the organization, an increase of 2% over the number of unique reports for January, despite February being a shorter month. The most targeted industry sector for phishing attacks continues to be financial services, and most phishing sites were hosted in the United States, followed by China.

In some respects, Virginia's Computer Crimes Act's crackdown on phishing is harsher than on conventional identity theft, which requires the state to prove that a person was going to do something unlawful with the information. "This can be very, very difficult in the world of cybercrime, so mens rea, or the offender's mental state, isn't required," Petoe says. The Virginia State Crime Commission and the Legislature thought the law's rigidity appropriate, given that one person using a PC can send out millions of fraudulent E-mails in a short period of time, making it a more efficient weapon than even the telephone.

The commission agreed that phishing is dangerous enough that it should be considered a felony, although most other cybercrimes are classified as misdemeanors, Petoe says. Although the commission sometimes debates the definitions of what constitutes different cybercrimes, "there was perfect agreement on phishing," he says.

The commission hopes that, as with any criminal law, the new phishing component of the Computer Crimes Act will serve as a deterrent. For those who don't heed the warning, the statute will make it easier for the state to prosecute phishers.

Next on the commission's agenda is helping the Legislature draft and pass a statute for 2006 outlawing the use of spyware, adware, and bots, which are programs that perform a repetitive function such as posting a message to multiple newsgroups or searching for information or news. This issue is grayer than phishing, because it's more difficult to determine the intent of using such software. The commission, which works closely with companies in the tech industry, Petoe says, doesn't want to pass any legislation that would criminalize any legitimate business practice.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
How to Fail: Digital Transformation Mistakes
Jessica Davis, Senior Editor, Enterprise Apps,  11/6/2019
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll