London, 26 May 2005 – MessageLabs, the leading provider of email security and management services to businesses, welcomes today’s announcement that the Government’s Fraud Bill has been revised to include a new fraud offence that specifically targets the perpetrators of phishing attacks. Under the new legislation, prosecutors will be able to impose sentences of up to 10 years.

Phishing incidences reached a peak point in January 2005* but then dropped off again. However, recent months have seen a resurgence of phishing attacks and security experts are attributing this to the huge rise of zombie networks being used to pump out massive volumes of the scam emails, as cyber-criminals look to increase their profits.

The new offence, which strengths the current legislation and will ease the path for criminal prosecution, covers phishing acts under the intent of false representation. It clarifies that any person disseminating an email to large groups of people falsely claiming to be a legitimate financial institution in order to gain access to individuals’ personal financial information will be committing an offence..

The maximum 10 year tariff will make the fraudulent activity a potentially extraditable criminal offence and, therefore, further assists the international community to work together in the fight against cyber-crime.

The Bill coincides with the launch of campaign ‘Operation Spam Zombie’ which will see international trade and government members of the London Action Plan (LAP)** apply pressure on ISPs to help put a halt to customers computers being used to distribute spam.

Paul Wood, Chief Information Security Analyst at MessageLabs, comments:

“For targeted organisations, the impact of phishing attacks can be high – lost productivity, customer confusion and complaints, damage to the brand and legal implications. For individual users, the financial losses can be excessive. If allowed to continue unchecked, phishing scams threaten to undermine confidence in e-commerce as a whole and not just online banking.

“When we take a closer look at how criminals are able to perpetrate such crimes on a huge scale, the finger of blame lies with the pervasiveness of botnets across the internet. As the financial stakes increase, criminals have become much more familiar with the use of information technology in the commission of these types of fraud. Therefore, any measure taken to update the law to address this form of criminal activity is to be welcomed..

“However, the issue really needs to be tackled at source; therefore industry and government cooperation is essential to identify and shut down the perpetrators, alongside a tighter legal framework and enforcement. While legislative measures will act as a deterrent, it does not remove the need for technology solutions. Not only should companies be investing in technologies that enable threats to be eliminated from corporate networks before they have the chance to disrupt or endanger the business, but also ISPs should act much more responsibly and implement measures that will help protect consumers.”