Original URL: https://www.theregister.com/2006/11/14/fraud_act_outlaws_phishing/

Prison terms for phishing fraudsters

England and Wales pass new Fraud Act

By OUT-LAW.COM

Posted in Legal, 14th November 2006 11:25 GMT

A new anti-fraud bill has been passed into law for England and Wales. The Fraud Act 2006 received Royal Assent last week and will come into force in early 2007.

The new law aims to close a number of loopholes in preceding anti-fraud legislation, which the government said was unsuited to modern fraud.

Until now there has been no single, general fraud law in English law, but an untidy mess of eight specific statutory crimes, such as "obtaining property by deception", and a vague common law offence of "conspiracy to defraud". Scotland does have a common law crime of fraud, committed when someone achieves a practical result by a false pretence.

The Fraud Act introduces a general offence of fraud which can be committed by false representation, by failing to disclose information, or by abuse of position. The offence carries a maximum sentence of 10 years' imprisonment.

"The Act replaces the existing complicated array of over-specific and overlapping deception offences," said a Home Office statement. "These offences have proved inadequate to tackle the wide range of possible fraudulent activity today or keep pace with rapidly developing technology."

Struan Robertson, a technology lawyer with Pinsent Masons and editor of OUT-LAW.COM, said: "One perceived loophole in the old regime was the possession of computer files in preparation for launching a phishing attack."

This is where emails are sent in bulk, purporting to represent a well-known brand in the hope of sending victims to a bogus website that tricks them into disclosing bank account details. Such 'phishing kits' have been available on the internet but difficult to prosecute. "That loophole is closed by the new Act," said Robertson. "When it comes into force, possession of such any software or data for use in a fraud could result in a prison term of up to five years."

The Act also provides that writing software "knowing that it is designed or adapted for use in...connection with fraud" can result in a sentence of up to 10 years.

"The new Fraud Act will make an important contribution to the fight against fraud," said Home Office minister Gerry Sutcliffe. "It will remove the deficiencies in the existing provisions and establish an effective criminal law that is flexible enough to capture the true breadth of fraud today."

KPMG Forensic's Fraud Barometer reports that fraud levels in the UK are increasing dramatically. Fraud levels rose to their highest level in 10 years in 2005, to £900m that year. Already 2006 is proving worse, with £650m worth of fraud recorded in the first six months of the year, compared to £249m in the same period in 2005.

KPMG's barometer measures the fraud levels involved in court cases in the UK where the fraud under consideration is greater than £100,000.

Figures published this week by the UK payment card association APACS said that credit card fraud fell in the latest measured period, the first six months of 2005, from £219m to £209m. Online banking fraud increased from £14m to £22m in the same period, it said.

See: Fraud Act 2006 (17 page/112KB PDF)

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.