[Congressional Record Volume 154, Number 30 (Monday, February 25, 2008)]
[Senate]
[Pages S1126-S1127]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Ms. SNOWE (for herself, Mr. Nelson of Florida, and Mr. 
        Stevens):
  S. 2661. A bill to prohibit the collection of identifying information 
on individuals by false, fraudulent, or deceptive means through the 
Internet, a practice known as ``phishing'', to provide the Federal 
Trade Commission the necessary authority to enforce such prohibition, 
and for other purposes; to the Committee on Commerce, Science, and 
Transportation.
  Ms. SNOWE. Mr. President, I rise today to introduce legislation that 
focuses on eliminating online fraud and identity theft that is 
facilitated through the use of phishing schemes, as well as deceptive 
and misleading domain names. Phishing is a method of online identity 
theft that takes the form of fraudulent e-mails or fake Web sites in 
order to deceive the recipient into giving personal or financial 
account information. In addition to victimizing unsuspecting consumers, 
phishing scams maliciously exploit the trust that legitimate businesses 
have worked so hard to establish with consumers.
  The Anti-Phishing Consumer Protection Act of 2008 would prohibit the 
practice of phishing--the deceptive solicitation of a consumer's 
personal information through the use of e-mails, instant messages, and 
misleading Web sites that trick recipients into divulging their 
information to identity thieves. The legislation would also prohibit 
related abuses, such as the practice of using fraudulent or misleading 
domain names, by defining them as deceptive practices under the FTC 
Act.
  Additionally, the legislation seeks to solidify the integrity of 
domain name registration, a longtime goal for the Federal Trade 
Commission, by making it illegal for a domain name registrant to 
provide false or misleading identifying contact information in a WHOIS 
database when registering a domain name. Too often law enforcement 
officials have been hindered in their pursuit of phishers and other 
online scams

[[Page S1127]]

because the person responsible is hiding behind the anonymity of false 
registration information--this legislation would put an end to that 
practice by requiring accurate registration information about those 
that own Web sites and domain names that are used to harm consumers.
  The reason it is imperative to address this through legislation is 
because online fraud and, more specifically, phishing scams are running 
rampant. A December 2007 New York Times article reported that more than 
3.5 million Americans lost money to phishing schemes and online 
identity theft over a 12-month period ending in August 2007--this is a 
57-percent increase over the previous year. The total amount lost by 
the victims, $3.2 billion dollars. The Anti-Phishing Working Group 
found, in November 2007, that 178 corporate identities and brands were 
hijacked and used for phishing scams, which is the highest number ever 
reported. All of these figures are very disconcerting and will only 
increase if we don't put greater effort on curtailing this online 
fraud.
  Phishing and other forms of identity theft continue to have a 
detrimental effect on e-commerce by eroding consumers' confidence in 
online transactions. According to a 2007 Javelin Strategy & Research 
study, 80 percent of Internet users are concerned about being victims 
of online identity theft. What is more, a 2006 Zogby Interactive poll 
found that 78 percent of small business owners polled stated that a 
less reliable Internet would damage their business. While consumer 
confidence is critical in any commerce activity, it is paramount for 
online transactions. Phishing and other online fraud activities 
directly undermine that vital trust.
  Phishing schemes aren't just isolated to individuals and e-commerce. 
Companies, organizations, and government agencies are also targets. A 
form of phishing known as spear phishing targets these entities to gain 
unauthorized access to the organization's computer system in order to 
steal financial information, trade secrets, or even top-secret military 
information. The security risks that phishing poses in the world of 
cyberterrorism is very significant.
  But one doesn't have to look to some distant country to find the 
origin of traditional phishing schemes. The United States only until 
recently was consistently the top country that hosted the most phishing 
Web sites. While China now holds that claim, the United States is a 
very close second--hosting approximately 24 percent of phishing Web 
sites. So we can definitively do more within our borders to make the 
Internet notably safer.
  Since President Bush signed the stimulus package into law earlier 
this month, millions of Americans will be expecting to receive tax 
rebate checks this May. But before those checks arrive, taxpayers 
should also expect to be targets of numerous phishing schemes between 
now and then. Many of these scams involve official-looking e-mail 
messages that try to trick the recipient into entering their personal 
information at a fake IRS Web site by stating in the e-mail that they 
are eligible for a refund check. This is not the first time the IRS 
identity has been misused for phishing scams, and it will continue if 
we don't do more to go after phishers.
  And this is what the Anti-Phishing Consumer Protection Act of 2008 
does. It looks to make the Internet safer and more reliable. It also 
facilitates the restoration of trust and consumer confidence that has 
been eroded by the prevalence of deceptive e-mails and Web sites, which 
has, in part, mired the Internet from achieving its full potential. 
That is why I sincerely hope that my colleagues join Senators Bill 
Nelson, Stevens, and me in supporting the critical legislation.
                                 ______