Computer Crime Research Center


Plugging the "phishing" hole: legislation versus technology

Date: March 17, 2005
Source: Duke's Law and Technology Review
By: Robert Louis B. Stevenson

... John F. Burness, Senior Vice President for Public Affairs and Government Relations, Duke University, to Members of the Duke Campus Community (Oct. 13, 2004, 15:24:00 EDT), available at (last visited Oct. 21, 2004).

39. Id.

40. Federal Trade Comm’n, A CAN-SPAM Informant Reward System: A Report to Congress at 10 (Sep. 2004) (footnotes omitted), available at (last visited Oct. 21, 2004).

41. Rustad, supra note 26, at 66.

42. Fedorek, supra note 11, at 17.

43. Id.

44. APWG Report, supra note 4.

45. Id.

46. "Judgment proof" is defined by Black’s Law Dictionary 439 (abridged 5th ed. 1983), as "[d]escriptive of all persons against whom judgments for money recoveries are of no effect; e.g., persons who are insolvent, who do not have sufficient property within the jurisdiction of the court to satisfy the judgment, or who are protected by statutes which exempt wages and property from execution."

47. Rustad, supra note 26, at 67-68.

48. Federal Trade Comm’n, supra note 40.

49. H.R. Rep. No. 108-698, at 5.

50. FSTC Proposal, supra note 3, at 3 (noting that "phishing relies on email, phone, and web technologies to bring forward its traps. Thus, countermeasures will necessarily have a fundamental technology basis rooted in the ability to authenticate emails and web sites.").

51. House Committee Hearing, supra note 2, at 36 (Testimony of Bill Conner, Chairman, President and CEO of Entrust, Inc.).

52. H.R. Rep. No. 108-698, at 5.

53. Id.

54. For an in-depth look at many of the possible ways that current phishers are defrauding consumers, see Gunter Ollman, Next Generation Security Software, Ltd., The Phishing Guide: Understanding & Preventing Phishing Attacks (Sep. 2004) available at (last visited Oct. 19, 2004) [hereinafter NGSS Whitepaper]. See also Leslie Walker, Internet Snagged In the Hooks Of ‘Phishers,’ The Washington Post, Jul. 29, 2004, E01, available at 2004 WL 82772584 (stating that "Verisign, Inc. reported that phishing attacks are increasingly sophisticated. Verisign analyzed 490 bogus e-mails and found most did not contain the misspellings often seen in first-generation phishing. . . . Today, even cyber-savvy folks can get stung because the bogus e-mails and Web sites look so official, down to perfect replicas of, say, eBay’s logo and the real Bank of America Web site."); and Deceptive E-Mail Could Cost Consumers $500 Million, Study Finds, CMP TechWeb, Sep. 30, 2004, available at 2004 WL 64588196 (stating that "[p]hishing attacks are hard to detect. . . . In a test of 200,000 E-mail users . . . fewer than 10% were able to distinguish phishing messages from legitimate E-mail all the time.").

55. See APWG Whitepaper, supra note 3.

56. See FSTC Proposal, supra note 3.

57. See NGSS Whitepaper, supra note 54.

58. See Thomas Claburn, E-Mail-Authentication Problems Spawn New Apps, InformationWeek, Sept. 21, 2004, available at

59. See Thomas Claburn, Standards Group Rejects Microsoft’s E-Mail Authentication Plan, InformationWeek, Sept. 14, 2004, available at

60. See, e.g., id.

61. See, e.g., Claburn, supra note 58 (noting that "[d]espite disagreements about authentication standards, pretty much every commercial enterprise on the Internet concurs that something needs to be done to address domain spoofing and phishing.").

62. APWG Whitepaper, supra note 3.

63. Id. at 5.

64. Id. at 6.

65. Id. at 7.

66. Id. at 8.

67. Id. at 5.

68. APWG Whitepaper, supra note 3, at 6.

69. Id.

70. Id.

71. Id.

72. Id. at 7.

73. Id.

74. APWG Whitepaper, supra note 3, at 8.

75. Id.

76. Id.

77. Id. at 9.

78. Id.

79. See, e.g., FSTC Proposal, supra note 3, at 5; Claburn, supra note 58.