New fraud law to combat phishing
By Rene Millman,
The fight against phishing and organised criminals who send out bogus email purporting to be from banks will get a boost when a new act comes into force early next year.
The Fraud Act 2006 received Royal Assent last week and will close a number of loopholes in a number of preceding laws. One of these loopholes will ban the use of phishing kits. Phishing kits are used to create and send out bogus emails by the millions. Until now, possession of such kits has been difficult to prosecute against.
"One perceived loophole in the old regime was the possession of computer files in preparation for launching a phishing attack," said Struan Robertson, a technology lawyer with Pinsent Masons and editor of legal website out-law.com.
"That loophole is closed by the new Act. When it comes into force, possession of such any software or data for use in a fraud could result in a prison term of up to five years," he added.
The act will also outlaw writing software "knowing that it is designed or adapted for use in connection with fraud", carrying a sentence of up to ten years in prison.
Last month, research from the Indiana School of Informatics found that phishing gangs maybe netting a 14 per cent response per phishing attack - a high than expected percentage of internet users who are likely to fall victim to scam artists.
Experts said these figures were inevitable.
"The person who believes in a phishing email is not going to be very analytic in their observation of the website," said Simon Heron, technical director of Network Box. "It seems that there are a certain percentage of people who are going to be difficult to reach by information and education. Only good security solutions will prevent them from being victimised."
Others thought that technology wasn't the only solution.
"While consumer awareness is a long-term project, not least because there's a continual stream of 'newbie' online consumers every day, it's very important, as important as messages about drink-driving, wearing seat-belts, etc," said David Emm, senior technology consultant at anti-virus firm Kaspersky Lab.
"Educating users about sensible precautions, i.e. looking for 'https', the padlock symbol, checking the certificate and using plain text to limit spoofing, is valuable for this reason."
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Who to trust after the VeriSign hack?
Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
- Are the cookie laws crumbling already?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Google releases Chrome for Android beta
- Will someone rid me of these troublesome Macs?
- OneNote hits Google?s Android
- BlackBerry Bold 9790 review
- Google sends in Bouncer to sort out malicious apps
- Ubuntu vs. Windows 7 on the business desktop
- Who to trust after the VeriSign hack?
- Head to Head: Mac OS X 10.7 Lion vs Windows 7
- ACTA: the basics, the controversies, and the future
- BT considering Ofcom price cap appeal
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
