
Phishers Face Jail Time Under New U.S. Bill

An anonymous reader writes "Democrat Patrick Leahy has introduced a new federal anti-phishing bill that would impose jail terms up to five years and fines up to $250,000 for criminals creating fake web sites designed to con consumers into giving them their personal information. 'Some phishers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded - that leaves plenty of time to cover their tracks. Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing,' said Leahy in a statement regarding the Anti-Phishing Act of 2005."
Comments:
  • by Anonymous Coward on Friday March 04, 2005 @09:05AM (#11843217)
    Anyone else find that a bit scary? People with parody sites should probably be worried a little.
  • I'm glad about this (Score:5, Interesting)

    by Deekin_Scalesinger ( 755062 ) * on Friday March 04, 2005 @09:06AM (#11843227)
    Assuming it works and is enforceable, of course. I think phishing is a pretty low way to live your life - preying on the gullible. Been done for thousands of years, true, but taking advantage of people is no way to live your life IMO.
  • Evidence (Score:3, Interesting)

    by retards ( 320893 ) on Friday March 04, 2005 @09:14AM (#11843268) Journal
    Not a bad thing, but I think actual fraud or clear intent should have to be proven. Opportunity and unproven intent should not be weighed beyond a reasonable doubt.
  • better solution. (Score:5, Interesting)

    by Lumpy ( 12016 ) on Friday March 04, 2005 @09:17AM (#11843284) Homepage
    I already start up an app to poison their databases every time I get one of those paypal, ebay or lately, the yahoo greeting card phishing scams.

    point a particular java app at the url and let her fly filling in all the form fields over and over and over again with what looks like real but is generated from files crap.

    if the asshats have to sift through 300 bad records to find something useable, at least I slowed them down a bit.

    If more people in the know did this to them instead of the worthless action of reporting them it would make a bigger impact. The last one I reported to ebay was still up days later. My second alert to ebay was responded with "we can't deal with them all, go away" but in nicer words.
  • by G4from128k ( 686170 ) on Friday March 04, 2005 @09:20AM (#11843301)
    I've not read the bill (only this article [internetnews.com]), but I wonder if this could be used to prosecute other internet low-life that try to gather personal data for purposes not sanctioned by the submitter of the information. And taking over someone's computer without their knowledge would certainly seem to be a type of fraud under this bill.
  • by CastrTroy ( 595695 ) on Friday March 04, 2005 @09:32AM (#11843369) Homepage
    Isn't there already a law that can be applied? Doesn't this basically amount to fraud or something? I think the biggest problem with Phishing is that it's a little hard to track down who is doing it. If you know who's doing it, you can easily arrest them. The problem is that mostly these phishers try to remain anonymous, and probably don't have their operations set up in the US.
  • by BlueUnderwear ( 73957 ) on Friday March 04, 2005 @09:44AM (#11843437)
    Christ, take off your tinfoil! This is an entirely reasonable and proper use of legislative power.

    This bill stops Bad Guys® from stealing the inexperienced users' life savings before they actually steal anyone's money.

    Theft and fraud are already illegal. Who says that this law will do anything against phishers? The reason why phishing thrives is not because it is legal, but because it's hard to investigate and/or police just can't be bothered.

    It does not outlaw building any website, just those designed with the intent and purpose to steal your bank password.

    How do you prove intent? And what is the exact wording of the bill? If the intent is truly to steal and defraud, we've already got laws. We don't need any laws either forbidding to "carry weapons with intents of threatening peasants to give up their wallets". Mugging is already forbidden, and anything such a hypothetical law might achieve is inconvenience the butcher who brings a new knife to his shop...

    A Luxembourgish Linux user got threats from a bank [knaff.lu] because he featured a look-alike login page on his Website. Purpose of that login page: strip an obnoxious browser check. But that's not how the bank tried to spin it.

  • by theskipper ( 461997 ) on Friday March 04, 2005 @09:46AM (#11843447)
    I don't get some of these phishing guys. Just got this in my inbox. Sure, there are some phishes that look believable but are the phishers really as stupid as the people that click on them? Would anyone who'd create a brain-dead phish like this one actually be afraid of jail time and/or a fine?

    Subject: E-gold secutity patchHBhdGNo

    Dear E-gold user, we receive many complaints concerning unsunctioned taking the money
    off the balance of our users recently, thus we earnestly ask you to install the
    following service-pack onto your Personal Computer.

    - This innovation blocks all known Trojans which let take the money off your account
    without your consent. We earnestly ask you to install this service-pack in order
    to keep your money safe and sound.

    - In case of the lost of your money, E-gold *DOES NOT* bear any responsibility if the
    service-pack had not been installed on your computer before.

    - The installation archivated file of the service-pack is attached to this letter.

  • by TFGeditor ( 737839 ) on Friday March 04, 2005 @10:44AM (#11843917) Homepage
    "Obtaining someone's information illegally, to use it illegally, is...already illegal!"

    Do you understand the difference between "obtaining someone's information" and "ATTEMPTING to obtain someone's information"?

    I see this law as similar to ones making it illegal to possess "burglary tools." Who but a locksmith or other tech-type has a legitimate reason to possess lock picks while out in public?
  • Big Fat Whoop (Score:3, Interesting)

    by TheHawke ( 237817 ) on Friday March 04, 2005 @11:30AM (#11844284)
    I ran across a phishing site on a client's system while cleaning it up. The HOSTS file had 6 entries in it, redirecting any requests for 5 British banks and one Brazilian banco, to an IP at EV1.net. I busted my ass in an effort to get EV1.net's support team and administrative suits to pull the IP, but all I got was canned replies: "Forward the information to the abuse department". So I did so.

    Two weeks passed, and EV1.net did not take any action whatsoever. So, I sent the report to the big Brit banks, which included The Bank of England, Barclays, and the legendary Lloyds. I got immediate replies, personal ones, NOT canned, that they would immediately take legal action against the offending CSP.

    I checked the IP shortly after receiving the replies and got a DNS error.

    It seems to me that EV1.net, which is based in Houston, has merc tendencies when it comes to site hosting.
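
The HOSTS-file redirection described in the comment above can be audited mechanically. This is an added example, not part of the original thread: it parses a hosts file and reports hostnames pinned to non-local addresses, grouped by address. All hostnames and addresses in the sample are constructed placeholders, and the threshold of three names per address is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: every hostname and address below is a placeholder.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.tracker.example      # sinkhole entry, harmless
10.0.0.12      intranet.corp.example
203.0.113.45   www.bank-one.example
203.0.113.45   online.bank-two.example login.bank-two.example
203.0.113.45   WWW.Banco-Tres.example   # trailing comment
198.51.100.7   update.vendor.example
not-an-ip      broken.example
"""

# Loopback, unspecified, RFC 1918, link-local and IPv6 unique-local ranges.
# Listed explicitly because ipaddress.is_private also covers the
# documentation ranges used as placeholders in the sample.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/32", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "::1/128", "::/128",
    "fe80::/10", "fc00::/7")]

def parse_hosts(text):
    """Yield (ip, [hostnames]) for each well-formed mapping line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue                      # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # first field is not an address
        yield ip, [h.lower().rstrip(".") for h in fields[1:]]

def external_redirects(text):
    """Map each non-local address to the sorted hostnames pinned to it."""
    hits = defaultdict(set)
    for ip, names in parse_hosts(text):
        if not any(ip in net for net in LOCAL_NETS):
            hits[str(ip)].update(names)
    return {ip: sorted(names) for ip, names in hits.items()}

def clustered(text, threshold=3):
    """Addresses with at least `threshold` hostnames pinned to them."""
    return {ip: n for ip, n in external_redirects(text).items() if len(n) >= threshold}

if __name__ == "__main__":
    for ip, names in clustered(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} hostnames redirected -> {', '.join(names)}")
```
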
  • by Tim C ( 15259 ) on Friday March 04, 2005 @11:41AM (#11844400)
    More likely it's details of a reward program for Iraqi citizens - eg for turning in suspected insurgents and criminals, joining the security forces, etc.
  • by elenaran ( 649639 ) on Friday March 04, 2005 @11:59AM (#11844538)
    Just this past week I received the same phishing email (fake Key Bank login) 5 days in a row. I was surprised the site was able to stay up for so long. Who does one report this type of thing to? the FBI? the Secret Service? the FCC?? There needs to be some sort of clear statement on this from the government.
  • Re:Evidence (Score:2, Interesting)

    by lgw ( 121541 ) on Friday March 04, 2005 @12:37PM (#11844904) Journal
    Proof of intent is a requirement for conviction for many laws. I think that's OK. The point of the new law is to create the power to arrest a phisher before he defrauds someone. If you're going to do that, you have to judge intent.

    That seems pretty easy in this case - if the web site has a form where bank passwords or other sensitive information might be entered, it's phishing. This would easily leave the "other browser form submitter" web sites, which look like phishing sites at first glance, in the clear - they don't have a space for passwords.

    For once, I can't see a problem with a new law.
