New fraud law to combat phishing
By Rene Millman,
The fight against phishing and organised criminals who send out bogus email purporting to be from banks will get a boost when a new act comes into force early next year.
The Fraud Act 2006 received Royal Assent last week and will close a number of loopholes in a number of preceding laws. One of these loopholes will ban the use of phishing kits. Phishing kits are used to create and send out bogus emails by the millions. Until now, possession of such kits has been difficult to prosecute against.
"One perceived loophole in the old regime was the possession of computer files in preparation for launching a phishing attack," said Struan Robertson, a technology lawyer with Pinsent Masons and editor of legal website out-law.com.
"That loophole is closed by the new Act. When it comes into force, possession of such any software or data for use in a fraud could result in a prison term of up to five years," he added.
The act will also outlaw writing software "knowing that it is designed or adapted for use in connection with fraud", carrying a sentence of up to ten years in prison.
Last month, research from the Indiana School of Informatics found that phishing gangs maybe netting a 14 per cent response per phishing attack - a high than expected percentage of internet users who are likely to fall victim to scam artists.
Experts said these figures were inevitable.
"The person who believes in a phishing email is not going to be very analytic in their observation of the website," said Simon Heron, technical director of Network Box. "It seems that there are a certain percentage of people who are going to be difficult to reach by information and education. Only good security solutions will prevent them from being victimised."
Others thought that technology wasn't the only solution.
"While consumer awareness is a long-term project, not least because there's a continual stream of 'newbie' online consumers every day, it's very important, as important as messages about drink-driving, wearing seat-belts, etc," said David Emm, senior technology consultant at anti-virus firm Kaspersky Lab.
"Educating users about sensible precautions, i.e. looking for 'https', the padlock symbol, checking the certificate and using plain text to limit spoofing, is valuable for this reason."
advertisement
Latest Security Features
How to be a successful online fraudster
Ever wanted to know how easy it is to be an identity thief and earn a fortune? IT PRO reveals all…
- What you need to know about ID cards
- Lessons to learn from a year of data breaches
- Q&A: DNS inventor Paul Mockapetris
- Is the password ill-equipped for the modern world?
- Why is backing up given short shrift?
- Defending Europe against cyber attack
- The present and future of IT security
- I’m an IT manager, get me out of here!
- IT around the world: Russia
Latest Security Reviews
Fortinet FortiGate-3810A
Rating: 
- Clearswift MIMEsweeper Web Appliance ENW
- NetASQ U6000 UTM appliance
- AVG Internet Security SBS Edition 8.0
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
advertisement
Latest News Videos in Security
Video: Eugene Kaspersky outlines security threats
PlayIT PRO speaks to Eugene Kaspersky, chief executive and founder of Kaspersky Lab.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?