Phishers Face Jail Time Under New U.S. Bill 262
An anonymous reader writes "Democrat Patrick Leahy has introduced a new federal anti-phishing bill that would impose jail terms up to five years and fines up to $250,000 for criminals creating fake web site designed to con consumers in to giving them their personal information. 'Some phishers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded - that leaves plenty of time to cover their tracks. Traditional wire fraud and identity theft statutes are not sufficient to respond to phishing.' said Leahy in a statement regarding the Anti-Phishing Act of 2005."
The crime is creating a website? (Score:0, Interesting)
I'm glad about this (Score:5, Interesting)
Evidence (Score:3, Interesting)
better solution. (Score:5, Interesting)
point a particular java app at the url and let her fly filling in all the form fields over and over and over again with what looks like real but is generated from files crap.
if the asshats have to sift through 300 bad records to find something useable, at least I slowed them down a bit.
If more people in the know did this to them instead of the worthless action of reporting them it would make a bigger impact. the last one I reported to ebay was still up days later. My second alert to ebay was responded with "we cant deal with them all, go away" but in nicer words.
Use it to prosecute spyware companies? (Score:3, Interesting)
Isn't there already a law that can be applied? (Score:3, Interesting)
Re:The crime is creating a website? (Score:3, Interesting)
This bill stops Bad Guys® from stealing the inexperienced users' life savings before they actually steal anyone's money.
Theft and fraud are already illegal. Who says that this law will do anything against phishers? The reason why phishing thrives is not because it is legal, but because it's hard to investigate and/or police just can't be bothered.
It does not outlaw building any website, just those designed with the intent and purpose to steal your bank password.
How do you prove intent? And what is the exact wording of the bill? If the intent is truly to steal and defraud, we've already got laws. We don't need any laws either forbidding to "carry weapons with intents of threatening peasants to give up their wallets". Mugging is already forbidden, and anything such a hypothecal law might achieve is inconvenience the butcher who brings a new knife to his shop...
A Luxembourgish Linux user got threats from a bank [knaff.lu] because he featured a look-alike login page on his Website. Purpose of that login page: strip an obnoxious browser check. But that's not how the bank tried to spin it.
Who's clicking on these things? (Score:2, Interesting)
--
Subject: E-gold secutity patchHBhdGNo
Dear E-gold user, we receive many complaints concerning unsunctioned taking the money
off the balance of our users recently, thus we earnestly ask you to install the
following service-pack onto your Personal Computer.
- This innovation blocks all known Trojans which let take the money off your account
without your consent. We earnestly ask you to install this service-pack in order
to keep your money safe and sound.
- In case of the lost of your money, E-gold *DOES NOT* bear any responsibility if the
service-pack had not been installed on your computer before.
- The installation archivated file of the service-pack is attached to this letter.
Re:Please explain why (Score:3, Interesting)
Do you understand the difference between "obtaining someone's information" and "ATTEMPTING to obtain someone's information"?
I see this law as similar to ones making it illegal to possess "burglary tools." Who but a locksmith or other tech-type has a legitimate reason to possess lock picks while out in public?
Big Fat Whoop (Score:3, Interesting)
Two weeks passed, and EV1.net did not take any action whatsoever. So, I sent the report to the big Brit banks, which included The Bank of England, Barclays, and the legendary Lloyds. I got immediate replies, personal ones, NOT canned, that they would immediately take legal action agianst the offending CSP.
I checked the IP shortly after receiving the replies and got a DNS error.
It seems to me that EV1.net, which is based in Houston, has merc tendencies when it comes to site hosting.
Re:I'm glad about this (Score:3, Interesting)
Report Phishing to Whom?? (Score:2, Interesting)
Re:Evidence (Score:2, Interesting)
That seems pretty easy in this case - if the web site has a form where bank passwords or other sensitive information might be entered, it's phishing. This would easily leave the "other browser form submitter" web sites, which look like phishing sites at first glance, in the clear - they don't have a space for passwords.
For once, I can't see a problem with a new law.