CMA needs teeth so that it can bite email fraudsters

By on
CMA needs teeth so that it can bite email fraudsters

As we well know, the provenance of an email message can't be trusted. Sadly, the general internet-hooked public had only been made aware of this recently, as a result of two developments.

Firstly, Google's excellent Gmail service is smart enough to know when a message in a subscriber's inbox might not be all that it seems. So when I get a missive from Paypal warning me that my account has been suspended because of possible fraudulent action, and inviting me to reconfirm my details, there's a banner at the top that boldly warns me that this message may not be from whom it appears to be, and I am advised to beware of acting on it or clicking any links within it.

My compliments to Google for implementing such technology. It's a brave thing to do, because there's a possible risk that things might get legal if the system starts producing false-positives. Let's hope that this never happens. If only such procedures were employed by more email providers, the internet might be a slightly safer place.

The other reason the public knows a little more about faked email is infinitely more depressing. Shortly after the Asian tsunami, Christopher Pierson sent various faked messages to frantic relatives who'd placed appeals on a TV news web forum. The emails, which claimed to be from a UK Foreign Office official in Thailand, falsely confirmed the deaths of the people concerned.

Although sending fake emails is very easy and requires nothing more than knowing how to telnet into an SMTP server, doing it in a way that can't be traced is a little more tricky. The police quickly tracked down Pierson and issued a statement saying that he faced possible charges under the Malicious Communications Act of 1988, which outlaws the sending of messages designed "to cause distress or anxiety". This Act currently attracts a fine upon conviction by magistrates of up to £2500. After pleading guilty, he was ultimately jailed for six months under Section 1 of the Act.

The law enforcement industry has frequently claimed that the Computer Misuse Act is in urgent need of updating because it fails to cover certain offences such as Distributed Denial of Service attacks, and, presumably, sending fake emails. If this is true, then the CMA updates can't come soon enough. If the Act is worded so tightly that it doesn't apply to despicable offences such as this, then it clearly isn't the general-purpose deterrent it was originally claimed to be.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

Log In

  |  Forgot your password?