Originally published July 2005
Virginia has enacted the nation’s first law that expressly targets "phishing" and makes it a criminal offense. Phishing is the use of fraudulent emails and Web pages to trick Internet users into revealing personal, financial or other confidential information.
The typical phishing scheme begins with an email that appears to originate from a legitimate source, usually a bank or retailer. The email instructs the user to follow the link embedded in the email message to a Web page that appears identical to the Web site of the source, but is in fact hosted and operated by scam artists. Once the unsuspecting user interacts with the fraudulent Web site – by providing sensitive data such as their username, password or social security number – the information is recorded and used to gain access to the user’s online accounts. The stolen data is also routinely sold or otherwise distributed to others who will use it for fraudulent purposes.
Phishing is a widespread and growing problem. According to the latest data from the Anti-Phishing Working Group (APWG), there are now more than 2,600 active phishing Web sites on the Internet and more than 13,000 unique phishing emails in circulation.
Virginia’s new anti-phishing law attempts to address the phishing epidemic by making the use of a computer to obtain personal information by "material artifice, trickery or deception" a criminal offense punishable as a felony. The statute also imposes strict penalties on persons who sell or distribute information obtained through a phishing scheme.
Whether Virginia’s new anti-phishing legislation will actually curtail the practice of phishing remains to be seen. It is believed that most phishing schemes originate outside of the United States, which will make enforcement of the new law difficult. Moreover, the transient nature of phishing Web sites, which are active for an average of less than six days according to the APWG, will further complicate enforcement efforts.
Virginia’s anti-phishing law takes effect July 1, 2005, and will be codified at Virginia Code § 18.2-152.5:1.