Online Scams During Emergencies Targeted by House Bill

Sponsor Rep. Bass (R-N.H.) said the first indictment for online Katrina fraud is pending against the creator of a site falsely seeking donations to cover airlifts out of La. On the floor, Bass said the impulse to give quickly without research is highest in disasters. Though the FTC and law enforcement already can prosecute such fraud, doubling penalties “will create an extra element of deterrence,” he said.

Introduced in 2001 and 2003, the Bass measure has yet to pass the Senate. This year’s hurricane season blew away scheduling problems, a Bass spokeswoman told us: It didn’t attract cosponsors because it was “sort of rushed through.” The bill awaits action by the Senate Commerce Committee, chaired by Bass’s N.H. colleague Sen. Sununu, which could up chances of quick passage: “We've been touching base with him” regularly, the spokeswoman said. Bass didn’t consult with antiphishing or online security firms or advocacy groups on the bill’s provisions and effectiveness, she added.

Under the bill, a “national emergency period” runs from the president’s declaration for a year after the crisis ends officially. “Disaster period” is a year from the president’s declaration under the Disaster Relief & Emergency Assistance Act. “International disaster” refers to a natural or manmade disaster in response to which the president provides aid under the Foreign Assistance Act. That section nods to the Asian tsunami and Pakistani earthquake, which also provoked online scams, Bass said. In instances of conviction for such scams, the FTC can seek and a court can apply penalties up to $22,000 for each violation.

Difficult to Deter Scammers Abroad

Over time, higher penalties will strengthen the deterrent effect, but perhaps not evenly, Anti-Phishing Working Group Secy. Gen. Peter Cassidy told us. “If it’s a 17-year-old kid living in the wilds of Wisconsin” an working on contract for a contact made on internet relay chat, the punishment “might not really matter.” But the outcome of a 2004 Secret Service bust of Shadowcrew -- a group selling phished data online -- could have had a stronger deterrent effect had Bass’s bill been law, Cassidy added.

Most phishing is based overseas, so “it’s really difficult to get your hands on them,” Cassidy said. Scammers abroad need the help of “domestic actors,” who could be scared off by stiffer sentences. Most U.S.-based participants “really do not know who they're working for” and aren’t deeply committed to the cause, he said.

The bill fails to address the elements that indirectly enable online scamming poor data sharing among nations and police agencies, Cassidy said. “You can tweak a sentencing guideline faster,” but convictions will remain low without better flow of data to catch scammers in the first place.

AOL, Yahoo, Red Cross Adopt ‘Certified E-Mail’ Platform

The bill comes as charitable entities try to set their e-mail solicitations apart from those by scammers impersonating them. The Red Cross signed Wed. with e-mail verification firm Goodmail in an effort to ensure “donation acknowledgments arrive in donors’ inboxes and not in junk or bulk mail folders,” said Kimberly Reckner, Red Cross lead technical liaison-online fundraising. AOL and Yahoo also signed up for the Goodmail platform for their e-mail services and will implement it “in the coming months,” Goodmail said.

Goodmail’s CertifiedEmail service identifies e-mail from accredited senders as legitimate. It embeds each e- mail with a secure token that must be detected by participating ISPs before delivery goes through to the inbox. The e-mail header shows a CertifiedEmail symbol to indicate the message is legitimate and can be opened.