New fraud law to combat phishing
By Rene Millman,
The fight against phishing and organised criminals who send out bogus email purporting to be from banks will get a boost when a new act comes into force early next year.
The Fraud Act 2006 received Royal Assent last week and will close a number of loopholes in a number of preceding laws. One of these loopholes will ban the use of phishing kits. Phishing kits are used to create and send out bogus emails by the millions. Until now, possession of such kits has been difficult to prosecute against.
"One perceived loophole in the old regime was the possession of computer files in preparation for launching a phishing attack," said Struan Robertson, a technology lawyer with Pinsent Masons and editor of legal website out-law.com.
"That loophole is closed by the new Act. When it comes into force, possession of such any software or data for use in a fraud could result in a prison term of up to five years," he added.
The act will also outlaw writing software "knowing that it is designed or adapted for use in connection with fraud", carrying a sentence of up to ten years in prison.
Last month, research from the Indiana School of Informatics found that phishing gangs maybe netting a 14 per cent response per phishing attack - a high than expected percentage of internet users who are likely to fall victim to scam artists.
Experts said these figures were inevitable.
"The person who believes in a phishing email is not going to be very analytic in their observation of the website," said Simon Heron, technical director of Network Box. "It seems that there are a certain percentage of people who are going to be difficult to reach by information and education. Only good security solutions will prevent them from being victimised."
Others thought that technology wasn't the only solution.
"While consumer awareness is a long-term project, not least because there's a continual stream of 'newbie' online consumers every day, it's very important, as important as messages about drink-driving, wearing seat-belts, etc," said David Emm, senior technology consultant at anti-virus firm Kaspersky Lab.
"Educating users about sensible precautions, i.e. looking for 'https', the padlock symbol, checking the certificate and using plain text to limit spoofing, is valuable for this reason."
advertisement
Latest Security Features
Who should be Britain’s cyber security czar?
Experts reveal what a UK head of cyber security would need to do, while we put forward possible candidates for the role.
- The reality of movie technology
- Do smartphones need security software?
- Protecting the London 2012 Olympic Games
- Focus on... Flexible working
- Cyber policing and surveillance in Britain today
- How an FBI agent transformed Microsoft security
- Can security concerns kill cloud computing?
- GhostNet: Did the Chinese government hack the world?
- How poor web security nearly lead to a jail term
Latest Security Reviews
HP BladeSystem c3000 review: blade server
Rating: 
- CA ARCserve Backup r12.5 review
- FaceTime Communications USG530 - web filtering appliance review
- Guardium 7 – database security review
- Google Apps Premier Edition
- SmoothWall UTM-1000 review
- Lenovo ThinkPad USB Portable Secure Hard Drive
- LogRhythm LR-500-XM review
- EXCLUSIVE - eSoft ThreatWall 250
- Zebra RZ400 - RFID Printer
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?