Feeds

Prison terms for phishing fraudsters

England and Wales pass new Fraud Act

Internet Security Threat Report 2014

A new anti-fraud bill has been passed into law for England and Wales. The Fraud Act 2006 received Royal Assent last week and will come into force in early 2007.

The new law aims to close a number of loopholes in preceding anti-fraud legislation, which the government said was unsuited to modern fraud.

Until now there has been no single, general fraud law in English law, but an untidy mess of eight specific statutory crimes, such as "obtaining property by deception", and a vague common law offence of "conspiracy to defraud". Scotland does have a common law crime of fraud, committed when someone achieves a practical result by a false pretence.

The Fraud Act introduces a general offence of fraud which can be committed by false representation, by failing to disclose information, or by abuse of position. The offence carries a maximum sentence of 10 years' imprisonment.

"The Act replaces the existing complicated array of over-specific and overlapping deception offences," said a Home Office statement. "These offences have proved inadequate to tackle the wide range of possible fraudulent activity today or keep pace with rapidly developing technology."

Struan Robertson, a technology lawyer with Pinsent Masons and editor of OUT-LAW.COM, said: "One perceived loophole in the old regime was the possession of computer files in preparation for launching a phishing attack."

This is where emails are sent in bulk, purporting to represent a well-known brand in the hope of sending victims to a bogus website that tricks them into disclosing bank account details. Such 'phishing kits' have been available on the internet but difficult to prosecute. "That loophole is closed by the new Act," said Robertson. "When it comes into force, possession of such any software or data for use in a fraud could result in a prison term of up to five years."

The Act also provides that writing software "knowing that it is designed or adapted for use in...connection with fraud" can result in a sentence of up to 10 years.

"The new Fraud Act will make an important contribution to the fight against fraud," said Home Office minister Gerry Sutcliffe. "It will remove the deficiencies in the existing provisions and establish an effective criminal law that is flexible enough to capture the true breadth of fraud today."

KPMG Forensic's Fraud Barometer reports that fraud levels in the UK are increasing dramatically. Fraud levels rose to their highest level in 10 years in 2005, to £900m that year. Already 2006 is proving worse, with £650m worth of fraud recorded in the first six months of the year, compared to £249m in the same period in 2005.

KPMG's barometer measures the fraud levels involved in court cases in the UK where the fraud under consideration is greater than £100,000.

Figures published this week by the UK payment card association APACS said that credit card fraud fell in the latest measured period, the first six months of 2005, from £219m to £209m. Online banking fraud increased from £14m to £22m in the same period, it said.

See: Fraud Act 2006 (17 page/112KB PDF)

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Internet Security Threat Report 2014

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.