Introduced by senior Democrat Senator Patrick Leahy, the Anti-Phishing Act of 2005 seeks to tackle the growing threat posed by internet scams such as phishing and pharming.
Phishing occurs when a fraudster sends an e-mail that contains a link to a fraudulent web site where users are asked to provide personal account information. The e-mail and web site are usually disguised to appear to recipients as though they are from a trusted service provider, financial institution or on-line merchant.
The scam is growing quickly. According to the most recent report from the Anti-Phishing Working Group (APWG), the number of phishing attacks in January jumped 42% from those reported in December, while the number of unique phony web sites leapt 47% in the same period.
Pharming is a more recent phenomenon, taking advantage of vulnerabilities in web browsers to redirect users to fake web sites, even when they type the correct internet address into their browser.
"Some phishers and pharmers can be prosecuted under wire fraud or identity theft statutes, but often these prosecutions take place only after someone has been defrauded," said Leahy, introducing the bill in the Senate. "For most of these criminals, that leaves plenty of time to cover their tracks."
The bill therefore makes it illegal to knowingly send phishing e-mails in order to defraud the public. It also makes it illegal to set up the phony web sites that lie at the heart of the scams.
The First Amendment rights of free speech are protected by the bill, which specifically prevents parodies and political speech from being prosecuted under the Act.
In the UK, phishing or attempted phishing is likely to be prosecuted as fraud or attempted fraud, under common law in Scotland and under the Theft Act of 1968 in England and Wales.