New York state could soon empower officials to go after online fraudsters using fake emails to bait Empire State residents and businesses.
Bi-partisan legislation has been introduced in the state General Assembly that would let the state attorney general, private industry and nonprofits take civil action against the creators of phishing emails.
The bill's sponsors, state Sen. Charles Fuschillo, R-Long Island, and state Assemblyman Richard Brodsky, D-Westchester County, were joined by representatives from Microsoft, the AARP and the Anti-Phishing Working Group in support of the legislation.
Fuschillo, adding that he has been a victim of identity theft himself, said the legislation follows a recently enacted breach-notification law nicely.
"This is just the next step in adding more protection for consumers," he said. "ID theft is the fastest growing kind of crime out there. It is a major problem."
Brodsky said in a statement that the legislation also helps to fight terrorism.
"It is reprehensible that these thieves would take advantage of and scam people, especially those who want to make a difference and contribute to charities," he said. "Not only does phishing harm the economy and consumers, it is a homeland security issue because some phishing operations are know to aid terrorist activities. Our bipartisan legislation will help stop it."
The state's Information Security Breach and Notification Act went into effect earlier this month, making New York the 19th state to enact such a law.
Based on California's 2-year-old SB1386, the law requires companies doing business in the state to notify customers of any breach of unencrypted personal information. It also threatens a fine of up to $10 per failed notification.
Dave Jevans, chairman of the Anti-Phishing Working Group, said such legislation would make it clear that phishing is illegal, but did not know how effective it would be.
"The physical location of the servers hosting a phishing site is usually not an indication of where the phisher physically is located," he said. "Arrests of phishers have predominantly been outside of the USA. Thus, while I am generally supportive of anti-phishing legislation, I fear it will do little to curb the activity."