You may have had these nasty tidbits enter your inbox: e-mails that seem to come from reputable companies (I got a host of them from “Citibank”) that tout the anti-hacking and identity-theft measures they’re taking. “In order to ensure your security, we need you to verify your contact information by clicking on the link below… etc.” The logo seems in order; it’s written in that “I want to be friendlybut I’m too stiff because my legal and compliance departments were-all over this letter” tone. You are (or at least think you were, at some point), a customer. Makes sense that you should receive it. So you click.
Sadly, all too many people and companies find that, upon doing so, they’ve been “phished.” “Phishing” (according to Webopedia) is a term that means “the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.” The U.S. Senate has recognized the problem, and Sen. Olympia Snowe (R-ME) recently introduced legislation to provide the Federal Trade Commission with authority to enforce the prohibition against phishing (Of course, whether it authorizes the funding to pay for the enforcement is another matter). (See S. 2661 in the 110th Congress, 2nd session).
Highlights of the Anti-Phishing Consumer Protection Act of 2008 include:
- Prohibiting deceptive domain names (this means using a name like “Citidank” and posing as a banking institution);
- Prohibiting domain name registrars from interfering with efforts to discover the identity of “phishers” who have obtained deceptive domain names;
- Allowing all state attorneys general, aggrieved trademark holders and affected internet service providers to bring lawsuits against the culprits (note, though, individual lawsuits are not expressly permitted, and it would probably be too costly for an individual to investigate and bring a lawsuit against a “phisher”); and
- Restricting damages from exceeding $2 million (except in special circumstances).
The moral of the story: Don’t click on everything you see. Confirm all requests for private information by telephone–and do not use the number you see in that e-mail (it, too, could be a scam). Ask that the request be sent to you by “snail” mail.
This entry was posted on Friday, March 28th, 2008 at 10:28 am and is filed under Legislation, Legalese. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.Leave a Reply
