This past week, a group of bi-partisan Senators from the Commerce, Science and Transportation Committee led by myself, Bill Nelson (D-Fla.) and the Committee’s Ranking Member, Ted Stevens (R-Alaska), introduced legislation aimed at ending the deceptive practice known as phishing. The Anti-Phishing Consumer Protection Act of 2008 (S. 2661) would prohibit the solicitation of a consumer’s personal information through the use of emails, instant messages, and misleading websites that trick recipients into divulging their information for the purpose of identity theft. The legislation would also prohibit related abuses, such as the practice of using fraudulent or misleading domain names, by defining them as deceptive practices under the FTC Act.
Phishing and other online fraud activities directly undermine the vital trust of online consumers. In a world that is growing more dependent on technology, we need to take every step possible to make the Internet safer and more reliable. This begins with restoring the trust and consumer confidence that has been eroded by the prevalence of deceptive emails and websites that are defrauding the American people.
Now more than ever, Congress needs to take action to limit the growth of a practice that attacks the very essence of our commerce. Online fraud, and phishing scams have increased dramatically with more than 3.5 million Americans (a 57% increase from last year) falling victim to phishing schemes and online identity theft throughout the past year. This came at a significant cost of $3.2 billion dollars.
With millions of Americans expecting tax rebate checks this May, we are also likely to see an increase in phishing schemes. Many of these scams involve official-looking e-mail messages that try to trick the recipient into entering their personal information at a fake IRS Web sites by stating in the email that they are eligible for a refund check. This is not the first time the IRS identity has been misused for phishing scams and it will continue if we don’t take immediate and substantial action.
Additionally, the legislation seeks to solidify the integrity of domain name registration, a long-time goal for the Federal Trade Commission, by making it illegal for a domain name registrant to provide false or misleading identifying contact information in a WHOIS database when registering a domain name. Too often law enforcement officials have been hindered in their pursuit of phishers and other online scams because the person responsible is hiding behind the anonymity of false registration information — this legislation would put an end to that practice by requiring accurate registration information about those that own websites and domain name that are used to harm consumers.
It’s also important to note that phishing schemes aren’t just isolated to individuals and e-commerce. Companies, organizations, and government agencies are also targets. A form of phishing known as “Spear Phishing