Phishing is an increasingly common practice employed by fraudsters to procure an individual's access credentials, typically in relation to an online financial service such as a bank or eBay. It normally involves an e-mail directing users to 'verify their password', 'confirm their account' or the like, but upon clicking on the link the user is taken to a lookalike website that secretly posts their login data to the phishing server.
With internet fraud on the rise, Nathaneal writes with word that the Californian legislature has introduced legislation designed to allow civil recovery against phishers. Assuming the culprits could be found and were still connected with the missing funds (which are pretty big assumptions), the victim would have a cause of action giving rise to damages:
Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country: 'The bill, advanced by state Sen Kevin Murray, is the first of its kind in the United States and makes 'phishing' ... a civil violation. Victims may seek to recover actual damages or $500 000 for each violation, depending upon which is greater." This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?'
From the article:
In my opinion, this legislation -- whilst a positive step -- is unlikely to be effective or applicable in most cases. The phisher will normally either elude capture, spend the money or in any case reside outside California. The best solution is prevention, and the best way to prevent is to educate. Here is a good tutorial on how not to 'get hooked'. Here is another excellent summary of precautions and advice.The State Senate approved Bill 355 in August, and moved it to the Governor's desk in September. The bill now makes it illegal for anyone to solicit, request or induce a consumer to provide personal information by using e-mail, Web sites or the Internet to fraudulently impersonate a legitimate business.
Originally by CmdrTaco at Slashdot: Your Rights Online, 10:28 AM