Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, May 27, 2005

Fraud Bill tidies English law and targets phishing

English fraud laws are to be updated to simplify the existing patchwork of statutory fraud offences and to take account of new methods of committing fraud, such as phishing, in terms of a new Fraud Bill published by the Government yesterday.

At present there is no one general fraud law in English law, but an untidy mess of eight specific statutory crimes (such as ‘obtaining property by deception’) and a vague common law offence of ‘conspiracy to defraud’.  This can make it difficult for prosecutors to choose an offence to fit a particular crime of dishonesty.  Nor do the current laws deal effectively with the growing problem of phishing—which occurs when a fraudster sends an e-mail with a link to a fraudulent web site where users are asked to provide personal account information.

In January alone, according to the Anti-Phishing Working Group, the number of phishing attacks jumped 42% from those reported in December.  So the Government is determined to clarify the ambiguities and yesterday published its new Fraud Bill, which creates a new general offence of fraud.

While the existing laws do not make phishing legal in England and Wales, they could make a prosecution more challenging than it should be.  Security provider MessageLabs welcomed the new law, but the company’s Chief Information Security Analyst, Paul Wood, warned that the laws do not remove the need for technical solutions. 

The new offence of fraud, which will carry a maximum sentence of 10 years, can be committed in three ways: By false representation. By failing to disclose information and By abuse of position.

Scotland does have a common law crime of fraud, committed when someone achieves a practical result by a false pretence.

Posted on 05/27