You didn’t click that link, right?? Let’s talk Phishing and Fraud

Online Fraud by way of Phishing Emails

CYBR 7000: Cyber law, Policy, and Enforcement

February 10, 2022

As more people have used the Internet since Covid-19 started, fraud cases that occur online have increased as well. Some of these frauds take the form of romance scams, inauthentic products, or investment fraud. The single type of fraud researched and discussed below is the use of phishing emails to commit fraud. Here the perpetrator sends the same email in mass quantity, hoping that as many people as possible fall victim to it. The email usually looks legitimate, as if it comes from your banker or other financial institution. The point of the email is to get the victim to “verify” personal information through the link sent in the email (Yar & Steinmetz, 2019). The personal information can be anything from bank account information to passwords or Social Security numbers. This essay looks at the different types of laws that pertain to this fraud and the policing efforts that go into combating or investigating it.

In researching phishing emails, several items were evaluated, including policing, investigations, and the laws that deal with phishing emails. This portion of the paper evaluates those items in relation to the state of Georgia. Even though phishing emails do get reported, especially in cases where the sender obtains personal information from the recipient, the reports still do not give an accurate picture of the statistics pertaining to phishing emails. Part of the reason is underreporting: the victim does not know whom to report the case to, or law enforcement officials have not been trained properly on how to handle such cybercrimes. Many police departments in Georgia are still struggling to obtain proper training on how to investigate and solve such cybercrimes (Yar & Steinmetz, 2019). When it comes to laws on phishing emails, Georgia has done a thorough job. In its latest laws against phishing, Georgia has defined who the sender is, who the recipient is, all the ways in which a phishing email can occur, what it may look like, and many other aspects. Georgia has also laid out several penalties faced by those who send such phishing emails, ranging from $1,000.00 to 12 months in prison or both. There are exceptions under which the crime escalates from a misdemeanor to a felony. Some of these cases are when the revenue generated by the sender exceeds $50,000.00 or when a person knowingly permits a minor to assist in such a crime. These acts are punishable by 5 years imprisonment or up to $50,000.00 in fines (Spam Laws, 2022). Beyond the state of Georgia, there are punishments for phishing emails at the federal level, which we will look at next, along with federal laws and regulations.

Next, this part of the paper covers laws, policing, and investigations at the federal level in the United States. According to research, there have been attempts to pass laws that cover phishing: in 2005 Congress wrote a potential law that eventually died in court and did not get passed. This law was named the Anti-Phishing Act and aimed to criminalize any internet scam in which someone fraudulently gains access to someone else’s personal information. The punishments it lists for anyone found guilty of phishing include a fine, up to five years of imprisonment, or both (Nathan, 2021). Even though the law did not get passed, the punishments in it still stand and can be cast upon a criminal so long as the court can prove there was phishing through other means. Such other means include CAN-SPAM, HIPAA, the Sarbanes-Oxley Act and PCI-DSS. In addition to finding other ways to prove someone has broken the law via phishing emails, it is important for businesses and organizations to take the correct precautions to help safeguard against this. That way, the police doing the investigation can confidently say that the victim is not to be faulted and took all precautionary measures to avoid such a crime. Some of these precautions include training employees properly, implementing security awareness training programs, and running trainings with simulated phishing emails within the organization (Infosec, 2017). Though this seems like a lot, it is much more attainable than combating phishing at the international level, which is covered next.

Thirdly, this part of the paper covers laws, policing, and investigations at the international level. This level is the most challenging when it comes to conquering cybercrimes in general, not just phishing emails. Many jurisdictions overlap in international law, which creates challenges for policing and investigations. It also leaves the victim confused about whom to go to when the crime occurs. Part of what makes crimes at an international scale so difficult is anonymity, differing rules and laws, and the question of where the jurisdiction lies to prosecute the criminal (Yar & Steinmetz, 2019). Aside from the difficulties faced by police in international phishing crimes, there are laws and acts that have recently been put in place in various countries to help aid police and investigations. The first is INTERPOL, whose mission is to help over 190 countries and their law enforcement agencies combat transnational crime by serving as an information hub for intelligence. Next is the Council of Europe; this is a page that provides ongoing information on Europe’s efforts to combat cybercrime and hosts the Cybercrime Programme Office, which assists other countries in strengthening their criminal justice systems. Lastly, there is the United Nations Office of Drugs and Crime, which is in the UK and spearheaded the study of cybercrime in 2011 for many nations. It also maintains the Cybercrime Repository, a database of cybercrimes, including phishing cases, that helps aid in transnational cases (Georgetown Law, 2021). Overall, there are many efforts internationally to create laws or regulations that can be used in policing and investigations of phishing cases and other cybercrimes. Now the same effort needs to be put into solving the other issues mentioned above that police face in investigating such crimes.

In general, phishing emails are a serious topic to discuss and to educate the public on. Separate from the laws and policing issues discussed in the essay above, this is a good time to review some smart practices for spotting phishing emails. Some tips released by the FBI include not clicking on anything in an unsolicited email, carefully examining the email address or URL, being smart about what attachments you download, and being careful about what personal information you openly put online (Federal Bureau of Investigation, 2022). Finally, keep in mind who your local authority is and what the laws listed above are when it comes to filing a case against a phishing attack; that way, even as the victim, you are fully aware and can make the best case possible to law enforcement.

References

Federal Bureau of Investigation (2022). Spoofing and Phishing. Federal Bureau of Investigation, https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/spoofing-and-phishing

Geoffrey Nathan (2021). What is Phishing? + Laws, Charges & Statute of Limitations. https://www.federalcharges.com/phishing-laws-charges/

Georgetown Law (2021). IGO, NGO & U.S. Government Agency Resources. Georgetown Law Library, https://guides.ll.georgetown.edu/c.php?g=363530&p=4821480

Infosec (2017). Anti-Phishing Laws & Regulations. Infosec Institute, https://resources.infosecinstitute.com/topic/anti-phishing-laws-regulations/

Majid Yar and Kevin F. Steinmetz (2019). Cybercrime and Society. SAGE Publications Inc. 1-80. https://libro.eb20.net/Reader/rdr.aspx?b=209545089

Spam Laws (2022). OFFICIAL CODE OF GEORGIA Title 16. Crimes and Offenses Chapter 9. Forgery and Fraudulent Practices Article 6. Computer Systems Protection As amended by Senate Bill 62 (2005), approved and effective April 19, 2005. https://spamlaws.com/state/ga.shtml