Phishing is an attempt to trick a user into voluntarily supplying credentials, such as passwords, or bank account information, often by emails, text messages, or fake web pages. Phishing is a common strategy used by hackers to infiltrate a computer system and online accounts. Obviously, this is fraudulent activity. Phishing is such a problem that twenty-three states and Guam have laws specifically aimed at phishing schemes. Florida passed a law that specifically addressed this activity.
In 2006, Florida passed the Antiphishing Act.
Under the Act, a person with an intent to engage in fraudulent activity may not use a web page, Internet domain name, or a link to that web page or domain name or another site on the Internet to induce, request, or solicit a Florida resident to provide identifying information.
The Act also provides that a person with an intent to engage in fraudulent activity may not send or cause to be sent to an electronic mail address held by a Florida resident an electronic mail message that is falsely represented as being sent by another person that induces, requests, or solicits the recipient to provide identifying information.
Using the Act, a person can sue a computer fraudster A person can be awarded damages (money) equal to the greater of (1) actual damages arising from the violation, or (2) the sum of $5,000 for each violation of the same nature. The court may increase an award to an amount up to three times the actual damages sustained if the court finds that the violations have occurred with a frequency as to constitute a pattern or practice.
The Act can be used against people outside of Florida because it states that a violator submits personally to the jurisdiction of Florida courts.
Now, as great as the Act may seem, its almost impossible to enforce. Identifying the alleged "phisher" is extremely difficult, and many phishers are out of state or out of the country. Good luck trying to get money from someone in another country. In fact, there are only two reported Florida cases where phishing was the issue. Yet, there is no question that phishing is occuring at epidemic rates.
What does this mean? Well, its difficult to regulate activity in cyberspace. One has to wonder, are laws in "real space" adequate to regulate activity in cyberspace?
To regulate activity in cyberspace, code is the law, and those writing the code, make the laws.