Companies that have their identities used in phishing scams have little recorse in stopping the attacks. However, new legislation proposed by the Justice Department would expand the ability of enforcement agencies to prosecute identity theft, and adds provisions that may help corporations who are used in phishing scams.
The “Identity Theft Enforcement and Restitution Act of 2007″ would expand the reach of federal law to criminal activity that currently “slips through the cracks” of existing federal law. Among the many provisions, the law would increase the ability of the federal government to prosecute criminals by expanding the definitions of the criminal activity that defined “identify theft” and by addressing specific technologies such as spyware and keystroke logging. The bill would also expand the rights of victims to seek restitution for the hours spent recovering from ID theft.
Several provisions introduced in the bill may help corporations fight identify theft. For example, the law would close gaps in two federal statutes by making it illegal to use not just a person’s identification but also the identification of a corporation or organization “such as the name, logo, trademark”, as is common in phishing attacks. Other language closes more gaps related to cyber-extortion as covered in the Computer Fraud and Abuse Act, by including threats “to steal or corrupt data on a victim’s computer, or not repair damage the offender already caused to the computer.”