Legislative Memo


S.5370-C(Fuschillo) / A.8025- C (Brodsky)



Anti Phishing legislation



March 7, 2006


SUMMARY: This bill amends the general business law by adding a new section 390-b,
which prohibits the solicitation of personal information through electronic communications
that falsely claim to have been sent by a particular business, for the purpose of
committing fraud.

THE PROBLEM: Known as “phishing”, this practice is particularly troublesome as
these fraudulent emails prey upon the most susceptible and often take advantage of tragic
events. For example, shortly after the devastation of hurricane Katrina, there was a flurry
of fraudulent emails sent, which appeared to come from charitable organizations such as
the Red Cross. These emails were asking for relief money, but in reality they were using
the Red Cross trademark to steal money from unsuspecting people.

Many financial institutions are also frequently used by phishers. The phishers portray
themselves as a well known bank, explain that they have experienced a security breach,
and ask the recipient to provide some personally identifying information. The phishers
then have access to the customers' private information and use it to steal that person's

THE BILL'S PROVISIONS: This bill would allow the Attorney General, companies
providing Internet access, and companies whose trademarks are infringed, to bring an
action to recover actual damages or $1,000 per violation.

CONCLUSION: Phishing is a major problem in today's technological age. The amount
of commerce conducted over the Internet increases daily, and the cost of phishing rises
commensurately. The Business Council believes it is important that companies have the
ability to go after phishers . This legislation would provide such a tool. For the
abovementioned reasons, The Business Council strongly supports this legislation and
urges its enactment.