Aggravated Identity Theft

(a) Offenses.—

  • (1)In general.—

Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years.

  • (2)Terrorism offense.—
    Whoever, during and in relation to any felony violation enumerated in section 2332b(g)
  • (5)(B),knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person or a false identification document shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 5 years.

(b)Consecutive Sentence.—Notwithstanding any other provision of law—

  • (1) a court shall not place on probation any person convicted of a violation of this section;
  • (2) except as provided in paragraph (4), no term of imprisonment imposed on a person under this section shall run concurrently with any other term of imprisonment imposed on the person under any other provision of law, including any term of imprisonment imposed for the felony during which the means of identification was transferred, possessed, or used;
  • (3) in determining any term of imprisonment to be imposed for the felony during which the means of identification was transferred, possessed, or used, a court shall not in any way reduce the term to be imposed for such crime so as to compensate for, or otherwise take into account, any separate term of imprisonment imposed or to be imposed for a violation of this section; and
  • (4) a term of imprisonment imposed on a person for a violation of this section may, in the discretion of the court, run concurrently, in whole or in part, only with another term of imprisonment that is imposed by the court at the same time on that person for an additional violation of this section, provided that such discretion shall be exercised in accordance with any applicable guidelines and policy statements issued by the Sentencing Commission pursuant to section 994 of title 28.

(c)Definition.—For purposes of this section, the term “felony violation enumerated in subsection (c)” means any offense that is a felony violation of —

  • (1) section 641 (relating to theft of public money, property, or rewards [1]), section 656 (relating to theft, embezzlement, or misapplication by bank officer or employee), or section 664 (relating to theft from employee benefit plans);
  • (2) section 911 (relating to false personation of citizenship);
  • (3) section 922(a)(6) (relating to false statements in connection with the acquisition of a firearm);
  • (4) any provision contained in this chapter (relating to fraud and false statements), other than this section or section 1028(a)(7);
  • (5) any provision contained in chapter 63 (relating to mail, bank, and wire fraud);
  • (6) any provision contained in chapter 69 (relating to nationality and citizenship);
  • (7) any provision contained in chapter 75 (relating to passports and visas);
  • (8) section 523 of the Gramm-Leach-Bliley Act (15 U.S.C. 6823) (relating to obtaining customer information by false pretenses);
  • (9) section 243 or 266 of the Immigration and Nationality Act (8 U.S.C. 1253 and 1306) (relating to willfully failing to leave the United States after deportation and creating a counterfeit alien registration card);
  • (10) any provision contained in chapter 8 of title II of the Immigration and Nationality Act (8 U.S.C. 1321 et seq.) (relating to various immigration offenses); or
  • (11) section 208, 811, 1107(b), 1128B(a), or 1632 of the Social Security Act (42 U.S.C. 408, 1011, 1307(b), 1320a–7b(a), and 1383a) (relating to false statements relating to programs under the Act).

CONTACT US FOR ANY SUPPORT

By

Fraud and related activity

(a) Whoever, in a circumstance described in subsection (c) of this section—

  • (1) knowingly and without lawful authority produces an identification document, authentication feature, or a false identification document;
  • (2) knowingly transfers an identification document, authentication feature, or a false identification document knowing that such document or feature was stolen or produced without lawful authority;
  • (3) knowingly possesses with intent to use unlawfully or transfer unlawfully five or more identification documents (other than those issued lawfully for the use of the possessor), authentication features, or false identification documents;
  • (4) knowingly possesses an identification document (other than one issued lawfully for the use of the possessor), authentication feature, or a false identification document, with the intent such document or feature be used to defraud the United States;
  • (5) knowingly produces, transfers, or possesses a document-making implement or authentication feature with the intent such document-making implement or authentication feature will be used in the production of a false identification document or another document-making implement or authentication feature which will be so used;
  • (6) knowingly possesses an identification document or authentication feature that is or appears to be an identification document or authentication feature of the United States or a sponsoring entity of an event designated as a special event of national significance which is stolen or produced without lawful authority knowing that such document or feature was stolen or produced without such authority;
  • (7) knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, or in connection with, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law; or
  • (8) knowingly traffics in false or actual authentication features for use in false identification documents, document-making implements, or means of identification;
    shall be punished as provided in subsection (b) of this section.

(b) The punishment for an offense under subsection (a) of this section is—

  • (1) except as provided in paragraphs (3) and (4), a fine under this title or imprisonment for not more than 15 years, or both, if the offense is—
  • (A) the production or transfer of an identification document, authentication feature, or false identification document that is or appears to be—
    (i) an identification document or authentication feature issued by or under the authority of the United States; or
    (ii) a birth certificate, or a driver’s license or personal identification card;
  • (B) the production or transfer of more than five identification documents, authentication features, or false identification documents;
  • (C) an offense under paragraph (5) of such subsection; or
  • (D) an offense under paragraph (7) of such subsection that involves the transfer, possession, or use of 1 or more means of identification if, as a result of the offense, any individual committing the offense obtains anything of value aggregating $1,000 or more during any 1-year period;
  • (2) except as provided in paragraphs (3) and (4), a fine under this title or imprisonment for not more than 5 years, or both, if the offense is—
  • (A) any other production, transfer, or use of a means of identification, an identification document,,[1] authentication feature, or a false identification document; or
  • (B) an offense under paragraph (3) or (7) of such subsection;
  • (3) a fine under this title or imprisonment for not more than 20 years, or both, if the offense is committed—
  • (A) to facilitate a drug trafficking crime (as defined in section 929(a)(2));
  • (B) in connection with a crime of violence (as defined in section 924(c)(3)); or
  • (C) after a prior conviction under this section becomes final;
  • (4) a fine under this title or imprisonment for not more than 30 years, or both, if the offense is committed to facilitate an act of domestic terrorism (as defined under section 2331(5) of this title) or an act of international terrorism (as defined in section 2331(1) of this title);
  • (5) in the case of any offense under subsection (a), forfeiture to the United States of any personal property used or intended to be used to commit the offense; and
  • (6) a fine under this title or imprisonment for not more than one year, or both, in any other case.

(c) The circumstance referred to in subsection (a) of this section is that—

  • (1) the identification document, authentication feature, or false identification document is or appears to be issued by or under the authority of the United States or a sponsoring entity of an event designated as a special event of national significance or the document-making implement is designed or suited for making such an identification document, authentication feature, or false identification document;
  • (2) the offense is an offense under subsection (a)(4) of this section; or
  • (3) either—
  • (A) the production, transfer, possession, or use prohibited by this section is in or affects interstate or foreign commerce, including the transfer of a document by electronic means; or
  • (B) the means of identification, identification document, false identification document, or document-making implement is transported in the mail in the course of the production, transfer, possession, or use prohibited by this section.
  • (d) In this section and section 1028A—
  • (1) the term “authentication feature” means any hologram, watermark, certification, symbol, code, image, sequence of numbers or letters, or other feature that either individually or in combination with another feature is used by the issuing authority on an identification document, document-making implement, or means of identification to determine if the document is counterfeit, altered, or otherwise falsified;
  • (2) the term “document-making implement” means any implement, impression, template, computer file, computer disc, electronic device, or computer hardware or software, that is specifically configured or primarily used for making an identification document, a false identification document, or another document-making implement;
  • (3) the term “identification document” means a document made or issued by or under the authority of the United States Government, a State, political subdivision of a State, a sponsoring entity of an event designated as a special event of national significance, a foreign government, political subdivision of a foreign government, an international governmental or an international quasi-governmental organization which, when completed with information concerning a particular individual, is of a type intended or commonly accepted for the purpose of identification of individuals;
  • (4) the term “false identification document” means a document of a type intended or commonly accepted for the purposes of identification of individuals that—
  • (A) is not issued by or under the authority of a governmental entity or was issued under the authority of a governmental entity but was subsequently altered for purposes of deceit; and
  • (B) appears to be issued by or under the authority of the United States Government, a State, a political subdivision of a State, a sponsoring entity of an event designated by the President as a special event of national significance, a foreign government, a political subdivision of a foreign government, or an international governmental or quasi-governmental organization;
  • (5) the term “false authentication feature” means an authentication feature that—
  • (A) is genuine in origin, but, without the authorization of the issuing authority, has been tampered with or altered for purposes of deceit;
  • (B) is genuine, but has been distributed, or is intended for distribution, without the authorization of the issuing authority and not in connection with a lawfully made identification document, document-making implement, or means of identification to which such authentication feature is intended to be affixed or embedded by the respective issuing authority; or
  • (C) appears to be genuine, but is not;
  • (6) the term “issuing authority”—
  • (A) means any governmental entity or agency that is authorized to issue identification documents, means of identification, or authentication features; and
  • (B) includes the United States Government, a State, a political subdivision of a State, a sponsoring entity of an event designated by the President as a special event of national significance, a foreign government, a political subdivision of a foreign government, or an international government or quasi-governmental organization;
  • (7) the term “means of identification” means any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any—
  • (A) name, social security number, date of birth, official State or government issued driver’s license or identification number, alien registration number, government passport number, employer or taxpayer identification number;
  • (B) unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation;
  • (C) unique electronic identification number, address, or routing code; or
  • (D) telecommunication identifying information or access device (as defined in section 1029(e));
  • (8) the term “personal identification card” means an identification document issued by a State or local government solely for the purpose of identification;
  • (9) the term “produce” includes alter, authenticate, or assemble;
  • (10) the term “transfer” includes selecting an identification document, false identification document, or document-making implement and placing or directing the placement of such identification document, false identification document, or document-making implement on an online location where it is available to others;
  • (11) the term “State” includes any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any other commonwealth, possession, or territory of the United States; and
  • (12) the term “traffic” means—
  • (A) to transport, transfer, or otherwise dispose of, to another, as consideration for anything of value; or
  • (B) to make or obtain control of with intent to so transport, transfer, or otherwise dispose of.

(e) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States, or any activity authorized under chapter 224 of this title.

(f)Attempt and Conspiracy.—
Any person who attempts or conspires to commit any offense under this section shall be subject to the same penalties as those prescribed for the offense, the commission of which was the object of the attempt or conspiracy.

(g)Forfeiture Procedures.—
The forfeiture of property under this section, including any seizure and disposition of the property and any related judicial or administrative proceeding, shall be governed by the provisions of section 413 (other than subsection (d) of that section) of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853).

(h)Forfeiture; Disposition.—
In the circumstance in which any person is convicted of a violation of subsection (a), the court shall order, in addition to the penalty prescribed, the forfeiture and destruction or other disposition of all illicit authentication features, identification documents, document-making implements, or means of identification.

(i)Rule of Construction.—
For purpose of subsection (a)(7), a single identification document or false identification document that contains 1 or more means of identification shall be construed to be 1 means of identification.

CONTACT US FOR ANY SUPPORT

By

Stored communication Act

(a)Offense.—Except as provided in subsection (c) of this section whoever—

  • (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or
  • (2) intentionally exceeds an authorization to access that facility;
    and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.

(b)Punishment.—The punishment for an offense under subsection (a) of this section is—

  • (1) if the offense is committed for purposes of commercial advantage, malicious destruction or damage, or private commercial gain, or in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or any State—
  • (A) a fine under this title or imprisonment for not more than 5 years, or both, in the case of a first offense under this subparagraph; and
  • (B) a fine under this title or imprisonment for not more than 10 years, or both, for any subsequent offense under this subparagraph; and

(2) in any other case—

  • (A) a fine under this title or imprisonment for not more than 1 year or both, in the case of a first offense under this paragraph; and
  • (B) a fine under this title or imprisonment for not more than 5 years, or both, in the case of an offense under this subparagraph that occurs after a conviction of another offense under this section.
    (c)Exceptions.—Subsection (a) of this section does not apply with respect to conduct authorized—

(1) by the person or entity providing a wire or electronic communications service;

(2) by a user of that service with respect to a communication of or intended for that user; or
(3) in section 2703, 2704 or 2518 of this title.

CONTACT US FOR ANY SUPPORT

By

Wiretap Act

The Wiretap Act, codified by 18 U.S. Code § 2511, is a federal law aimed at protecting privacy in communications with other persons. Typically, when you think of a “wiretap,” the first thing that comes to mind is someone listening to your telephone calls. But the Act protects more than that. Under the Act, it is illegal to:

  • intentionally or purposefully
  • intercept, disclose, or use the contents of
    1. any wire, oral, or electronic communication
    2. through the use of a “device.”

The Act provides criminal and civil penalties for violations, although it creates various exceptions to when interceptions and disclosures are illegal.

Although the Act defines most of the above terms, federal cases that interpret the Act play a large role in understanding their meaning and how they apply to any particular case or situation. In addition, most states have laws similar to or based on the Act, also meant to protect individuals’ privacy.

What Is “Intentional” Wiretapping?

“Intentional” means that someone has intercepted a communication deliberately. A mistake of law or “ignorance of the law” will not be a defense. So, for example, if someone misunderstands the Act and think that it is not illegal to intercept another person’s telephone call or hack into their email, but the tap was in fact illegal, the person will still be liable under the Act, having intentionally intercepted the call.

What the Wiretap Act Means by Interception, Disclosure, and Use

“Interception” is the acquisition of the contents of a communication, or, in other words, listening to another person’s telephone conversation or reading another person’s email, text, or other messages.

Generally, to be in violation of the Act, the interception has to take place at the same time the communication is made. So, for example, listening in on a live telephone conversation is an “interception,” but accessing stored files on a computer is not. (Often, however, such activity is separately illegal.)

“Disclosing” includes telling another person the contents of the communication, as well as telling the general nature or “gist” of it. Disclosure is illegal if someone knows or suspects that the communication was intercepted in violation of the Act.

So, if someone illegally intercepts a telephone communication in which the participants discuss their involvement in a crime, and give that information to a newspaper reporter, the wiretapper can be liable for violating the Act. This might seem strange, since the person was attempting to publicize a crime. But the conduct is nevertheless illegal.

“Use” requires more than disclosure. The idea here is that the communication is being utilized for some type of gain. For example, someone who illegally records a conversation by an ex-wife and later uses it to bolster a child-custody dispute case could be liable under the Act.

What the Wiretap Act Means by Wire, Oral, or Electronic Communication

“Wire” communications are made through the use of wire, cable, or similar connection between the point of origin and the point of reception. A telephone call is the classic example.

 “Oral” communications are uttered or spoken, where the speaker has an expectation that the communication is private and will not be intercepted. For example, there is no violation of the Act when agents intercept and record a prisoner’s conversations with other inmates, because the prisoner has no reasonable expectation of privacy in that setting.

An “electronic” communication is one that does not contain the human voice, but contains things like words or pictures. Email messages are the best example of such communications.

Under the Electronic Communications Privacy Act (ECPA), codified as 18 U.S. Code § 2510, which protects email messages from interception and disclosure to third parties, an exception allows employers to monitor employee email in the ordinary course of business. Although the meaning of that exception is not yet settled, it may permit an employer to monitor “business-related,” but not personal, communications. Courts may also look to whether the employer had a legitimate business reason for monitoring employee communications.

What the Wiretap Act Means by Use of a “Device”

The communication has to be intercepted by use of a “device,” that is, some mechanical or electrical tool or apparatus, such as a tape recorder, in order to fall under the Wiretap Act.

There are two exceptions for “devices” that can be used without violating the Act:

  • Telephones and related equipment that are used by a subscriber in the ordinary course of business, including “extension” telephones. The idea here is to allow employers to listen in on employee conversations with customers.
  • Hearing aids used to correct or improve subnormal hearing, but not to the point where one’s hearing becomes better than normal. So, someone whose hearing is normal cannot legally use a hearing aid for the purpose of intercepting communications.

Exceptions to Liability Under the Wiretap Act

There are two primary exceptions that allow communications to be intercepted without violating the Wiretap Act:

  • The “provider” exception, which allows telephone service providers to listen to or monitor telephone calls once they have been directed to do so by law enforcement officers with a valid court order (“search warrant”) or when it is necessary to provide a customer with service, to inspect the equipment, or to protect the provider’s property or rights, such as when its network is being used without being paid for.
  • Use by law enforcement officials, who can legally intercept communications when one party consents to it. So, if someone is suspected of illegal activities and a government informant consents, agents can listen to and record conversations with the informant.

Many state laws allow one-party consent to record telephone conversations, but some states require the consent of everyone on the telephone. So, if you are thinking of recording phone calls, even your own, be sure to check the laws in your area before you do so.

CONTACT US FOR ANY SUPPORT

By

Computer Fraud and Abuse Act (CFAA)

(a) Whoever—

(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—

  • (A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) [1] of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
  • (B) information from any department or agency of the United States; or
  • (C) information from any protected computer;

(3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;

(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

(5)

  • (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
  • (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
  • (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

(6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if—

  • (A) such trafficking affects interstate or foreign commerce; or
  • (B) such computer is used by or for the Government of the United States;

(7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any—

  • (A) threat to cause damage to a protected computer;
  • (B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or
  • (C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion;

shall be punished as provided in subsection (c) of this section.

(b) Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section.

(c) The punishment for an offense under subsection (a) or (b) of this section is—

 

(1)

  • (A) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
  • (B) a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;

(2)

(A) except as provided in subparagraph

(B), a fine under this title or imprisonment for not more than one year, or both, in the case of an offense under subsection (a)(2), (a)(3), or (a)(6) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;

(B) a fine under this title or imprisonment for not more than 5 years, or both, in the case of an offense under subsection (a)(2), or an attempt to commit an offense punishable under this subparagraph, if—

(i) the offense was committed for purposes of commercial advantage or private financial gain;
(ii) the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; or
(iii) the value of the information obtained exceeds $5,000; and

(C) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(2), (a)(3) or (a)(6) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;

(3)

  • (A) a fine under this title or imprisonment for not more than five years, or both, in the case of an offense under subsection (a)(4) or (a)(7) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
  • (B) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(4),[4] or (a)(7) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;

(4)

  • (A) except as provided in subparagraphs (E) and (F), a fine under this title, imprisonment for not more than 5 years, or both, in the case of—
    (i) an offense under subsection (a)

(5)

  • (B), which does not occur after a conviction for another offense under this section, if the offense caused (or, in the case of an attempted offense, would, if completed, have caused)—
    (I) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;
    (II) the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals;
    (III) physical injury to any person;
    (IV) a threat to public health or safety;
    (V) damage affecting a computer used by or for an entity of the United States Government in furtherance of the administration of justice, national defense, or national security; or
    (VI) damage affecting 10 or more protected computers during any 1-year period; or
    (ii) an attempt to commit an offense punishable under this subparagraph;
  • (B) except as provided in subparagraphs (E) and (F), a fine under this title, imprisonment for not more than 10 years, or both, in the case of—
    (i) an offense under subsection (a)(5)(A), which does not occur after a conviction for another offense under this section, if the offense caused (or, in the case of an attempted offense, would, if completed, have caused) a harm provided in subclauses (I) through (VI) of subparagraph (A)(i); or
    (ii) an attempt to commit an offense punishable under this subparagraph;
  • (C) except as provided in subparagraphs (E) and (F), a fine under this title, imprisonment for not more than 20 years, or both, in the case of—
    (i) an offense or an attempt to commit an offense under subparagraphs (A) or (B) of subsection (a)(5) that occurs after a conviction for another offense under this section; or
    (ii) an attempt to commit an offense punishable under this subparagraph;
  • (D) a fine under this title, imprisonment for not more than 10 years, or both, in the case of—
    (i) an offense or an attempt to commit an offense under subsection (a)(5)(C) that occurs after a conviction for another offense under this section; or
    (ii) an attempt to commit an offense punishable under this subparagraph;
  • (E) if the offender attempts to cause or knowingly or recklessly causes serious bodily injury from conduct in violation of subsection (a)(5)(A), a fine under this title, imprisonment for not more than 20 years, or both;
  • (F) if the offender attempts to cause or knowingly or recklessly causes death from conduct in violation of subsection (a)(5)(A), a fine under this title, imprisonment for any term of years or for life, or both; or
  • (G) a fine under this title, imprisonment for not more than 1 year, or both, for—
    (i) any other offense under subsection (a)(5); or
    (ii) an attempt to commit an offense punishable under this subparagraph.
    (d)
    (1) The United States Secret Service shall, in addition to any other agency having such authority, have the authority to investigate offenses under this section.
    (2) The Federal Bureau of Investigation shall have primary authority to investigate offenses under subsection (a)(1) for any cases involving espionage, foreign counterintelligence, information protected against unauthorized disclosure for reasons of national defense or foreign relations, or Restricted Data (as that term is defined in section 11y of the Atomic Energy Act of 1954 (42 U.S.C. 2014(y)), except for offenses affecting the duties of the United States Secret Service pursuant to section 3056(a) of this title.
    (3) Such authority shall be exercised in accordance with an agreement which shall be entered into by the Secretary of the Treasury and the Attorney General.
    (e) As used in this section—
    (1) the term “computer” means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device;
    (2) the term “protected computer” means a computer—
    (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
    (B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
    (3) the term “State” includes the District of Columbia, the Commonwealth of Puerto Rico, and any other commonwealth, possession or territory of the United States;
    (4) the term “financial institution” means—
    (A) an institution, with deposits insured by the Federal Deposit Insurance Corporation;
    (B) the Federal Reserve or a member of the Federal Reserve including any Federal Reserve Bank;
    (C) a credit union with accounts insured by the National Credit Union Administration;
    (D) a member of the Federal home loan bank system and any home loan bank;
    (E) any institution of the Farm Credit System under the Farm Credit Act of 1971;
    (F) a broker-dealer registered with the Securities and Exchange Commission pursuant to section 15 of the Securities Exchange Act of 1934;
    (G) the Securities Investor Protection Corporation;
    (H) a branch or agency of a foreign bank (as such terms are defined in paragraphs (1) and (3) of section 1(b) of the International Banking Act of 1978); and
    (I) an organization operating under section 25 or section 25(a) 1 of the Federal Reserve Act;
    (5) the term “financial record” means information derived from any record held by a financial institution pertaining to a customer’s relationship with the financial institution;
  • (6) the term “exceeds authorized access” means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter;
  • (7) the term “department of the United States” means the legislative or judicial branch of the Government or one of the executive departments enumerated in section 101 of title 5;
  • (8) the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information;
  • (9) the term “government entity” includes the Government of the United States, any State or political subdivision of the United States, any foreign country, and any state, province, municipality, or other political subdivision of a foreign country;
  • (10) the term “conviction” shall include a conviction under the law of any State for a crime punishable by imprisonment for more than 1 year, an element of which is unauthorized access, or exceeding authorized access, to a computer;
  • (11) the term “loss” means any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service; and
  • (12) the term “person” means any individual, firm, corporation, educational institution, financial institution, governmental entity, or legal or other entity.
    (f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
    (g) Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in subclauses [5] (I), (II), (III), (IV), or (V) of subsection (c)(4)(A)(i). Damages for a violation involving only conduct described in subsection (c)(4)(A)(i)(I) are limited to economic damages. No action may be brought under this subsection unless such action is begun within 2 years of the date of the act complained of or the date of the discovery of the damage. No action may be brought under this subsection for the negligent design or manufacture of computer hardware, computer software, or firmware.
    (h) The Attorney General and the Secretary of the Treasury shall report to the Congress annually, during the first 3 years following the date of the enactment of this subsection, concerning investigations and prosecutions under subsection (a)(5).
    (i)
    (1) The court, in imposing sentence on any person convicted of a violation of this section, or convicted of conspiracy to violate this section, shall order, in addition to any other sentence imposed and irrespective of any provision of State law, that such person forfeit to the United States—
    (A) such person’s interest in any personal property that was used or intended to be used to commit or to facilitate the commission of such violation; and
    (B) any property, real or personal, constituting or derived from, any proceeds that such person obtained, directly or indirectly, as a result of such violation.
    (2) The criminal forfeiture of property under this subsection, any seizure and disposition thereof, and any judicial proceeding in relation thereto, shall be governed by the provisions of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853), except subsection (d) of that section.
    (j) For purposes of subsection (i), the following shall be subject to forfeiture to the United States and no property right shall exist in them:
    (1) Any personal property used or intended to be used to commit or to facilitate the commission of any violation of this section, or a conspiracy to violate this section.
    (2) Any property, real or personal, which constitutes or is derived from proceeds traceable to any violation of this section, or a conspiracy to violate this section

CONTACT US FOR ANY SUPPORT

By

Issues Related to Online Purchases

Overspending on Real Goods

With a host of online retail, auction and daily deals sites it’s easy to get carried away and spend more than intended. (This is especially true considering that most online purchases are made using credit.)

Overspending on Virtual Goods

The market in “virtual goods” – items and services that exist only online – reached 653 million dollars in 2011. Many of these goods relate to online games: from purchasing the games themselves, to upgrading avatars, purchasing items or getting through levels more quickly. Apps for mobile devices are also popular purchases online. (Apple claims to offer over 500,000 Apps for its iPod, iPhone and iPad platforms).

Security Tips

Whether overspending is on physical or virtual goods, there are a number of tools and strategies that can help keep this under control.

  • Since most online purchases are done using credit, keeping the spending limit on a credit card low – or using prepaid credit cards – can help curtail impulse buying. Some retailers such as iTunes allow parents to give their children a set “allowance.”
  • Watch for hidden fees, shipping and handling, or customs fees, when buying physical goods online.
  • When buying any virtual product or service, make sure to read the description and service agreement carefully.
  • Finally, parents should talk to their children about some of the risks associated with buying things online and make sure they understand that many virtual goods cost real money.

CONTACT US FOR ANY SUPPORT

By

Identity Spoofing

Online identity spoofing is when someone else impersonates either you or your computer. Professional scammers have been known to impersonate famous actors, musicians, and athletes as well as other important political and corporate figures. For example, in 2010, Interpol Secretary General Ronald Noble had two Facebook accounts opened in his name by cybercriminals. They then used the profiles to contact various police departments to elicit sensitive information about police investigations.

IP Address Spoofing

Spoofing an IP address involves changing the header of an Internet protocol address (that allows servers to know where information is coming from) to match someone else’s IP. If your IP address is spoofed, this may cause you to be associated with illegal activities like hacking websites, and may also provide a hacker with access to systems that read your computer as “trusted.”

Security Tips

  • It is difficult to fully guard against identity spoofing, as services such as Facebook and Twitter allow anyone to set up an account in any name. To report a spoofed Facebook page, you need to first have a Facebook account: then go to the spoofed profile, click the button next to “Message” and select “Report/Block.” Then click “This profile/timeline is pretending to be someone or is fake” and then “Pretending to be me” and finally “Continue.” If you have been spoofed on Twitter, file a report at this address: https://support.twitter.com/forms/impersonation.

  • To avoid having your own Facebook or Twitter account hacked into, never share your password with anyone and make sure to sign out of each service before you close the tab or window.

  • Your IP address is most at risk when you are using public Internet hotspots at places such as airports or coffee shops. When using these, it is a good idea to use an IP anonymizer such as Hotspot Shield (http://www.hotspotshield.com/) which temporarily assigns you a random IP address so that your computer’s own IP address is not compromised.

CONTACT US FOR ANY SUPPORT

By

Identify Thefts

Data Theft

Identity theft is the deliberate use of someone else’s identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person’s name, and perhaps to the other person’s disadvantage or loss.The Internet provides innovative ways for people to steal personal information and to commit fraud. Thieves can obtain your information in several different ways, such as spreading viruses that install key loggers (programs which record everything you type) on your computer to discover your passwords, usernames and credit card numbers.

Many online businesses store personal information about customers and shoppers on their websites so that it can be used for quick and easy service when a customer returns to the website. While convenient, this also provides another way for personal information to be accessed: for example, in 2011 Sony experienced a data breach that resulted in 77 million of their Playstation Network users having their personal information stolen. A Sony spokesperson admitted that it could not predict or protect against the next attack because of the nature of hackers – all the more reason to not permit companies to store credit information on their websites.

Identity theft can go beyond criminals using personal information for monetary gain: this information may also be used to obtain legal documents such as a driver’s licence, health card, social insurance number and passport. This was the case for Stancy Nesby, who was arrested or detained seven times from 2002 to 2004 because her identity had been used in 1999 by a woman with an outstanding warrant for her arrest. It was not until four years later, and a lawsuit against the city of San Francisco, that the warrant was finally corrected.

Security Tips

A good start for preventing identity theft is not giving out any unnecessary information. Be especially careful in protecting your social insurance number.
In addition:

  • Make sure your online accounts have strong passwords: a good password includes both lower and upper case letters as well as a mix of numbers and non-letter characters (such as @ or #) and is at least eight characters long. It’s a good idea to have different passwords for different online accounts, so that if one is compromised the others are safe: you can do this easily by having one “master” password and putting the first and last letter of each online service at the beginning and end, so that if your master password is B!u3b3rrY your Facebook password would be FB!u3b3rrYk.
  • Ensure that any website requiring personal information has a clear and comprehensive privacy policy that explains in detail how your information may be used.
  • Never send personal information via email: email is not secure.
  • Social networking sites are a breeding ground for identity thieves. You should never accept a request to be friends from someone you don’t know and you should also be careful and selective about what type of information you post and share online.

The Office of the Privacy Commissioner of Canada (OPC) is one of many organizations that provides valuable facts and information about identity theft, including preventative measures to identity theft concerns. For consumers who believe they are a victim of identity theft, the OPC recommends taking immediate steps to protect yourself by placing fraud alerts on your credit cards, filing police reports, and filing a complaint with the Office of the Privacy Commissioner.

CONTACT US FOR ANY SUPPORT

By

Types of Online Scams

Auction Fraud

Online auction fraud is common and one of the most complained-about online issues today. Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction. You can run into several different scams when shopping online. While making purchases on an online auction site such as eBay, for example, you could end up paying for stolen or counterfeit goods, or for goods that never arrive at all. In addition to this, sellers can place false bids on their own goods to drive their prices up or could include disproportionately large or hidden shipping and handling fees.  A healthy dose of skepticism and caution is definitely required when shopping online: some sellers, unfortunately, take advantage of the scarcity of popular products such as the iPad or Nintendo 3DS to defraud buyers.

Email/IM Phishing Scam

The main goal of these scams is to obtain personally identifiable information or to get access to credit cards or bank accounts. Phishing is when someone attempts to lure you into compromising your password information through emails (usually claiming to be from a bank) and Web pages that appear to be legitimate but are not the real thing.

Keep in mind that banks and other financial institutions never contact clients by email first. If you think there may be a problem with your bank account or credit card, call your bank or credit card company or go to their legitimate website (remember to confirm that the Web address starts with https, as in https:www.abank.ca.)

There are a number of signs that can raise red flags about the legitimacy of emails that claim to be from a financial institution:

  1. They request your password or account number. Banks will never ask you to “confirm” these.
  2. They say you need to act immediately. These emails often try to prey on your fears by saying that your account will be closed if you don’t act right away.
  3. They make spelling or grammar mistakes.
  4. The link they want you to click has a long URL, often with a lot of meaningless numbers and letters. Banks actually keep their URLs as short as possible to help you remember them.
  5. They don’t look or feel quite right. Phishing URLs sometimes try to copy the logo or other visual elements of a bank or financial institution, but they often don’t get it quite right. Even if it looks right, don’t trust an email claiming to be from a financial institution if it fails any of these tests.
Scareware

Scareware is the term used to refer to online “pop-up” alerts which claim to have detected a virus or other problem on your computer. These often claim to be from Internet security companies or from law enforcement agencies. Clicking on one of these can have a variety of negative effects, from downloading malware onto your computer to exposing your personal information. In some cases clicking on a scareware pop-up will simply freeze your computer, after which the scammers will try to extort money from you in exchange for unlocking it.

Scareware can generally be avoided by running a pop-up blocker. Most browsers allow you to determine whether or not you see pop-ups:

  • In Internet Explorer, select Tools, then Pop-Up Blocker
  • In Firefox, select Tools, then Options, then Block Pop-Up Windows
  • In Chrome, select Options, then Under the Hood, then Content Settings (under Privacy), then Pop-Ups and select “Do not allow any site to show up (recommended)”
  • In Safari, select Preferences, then Security, then Block Pop-up Windows

Running a reliable Internet security program will also help keep you from receiving malicious pop-ups, as will some add-on programs such as AdAware and NoScript.

419 Scam

This scam, also known as the advance fee scam, starts with an email from someone who claims to need your help moving money out of another country. The catch is that you must provide some money up front, supposedly to cover a transfer fee, with the promise of receiving a small fortune when the task is complete. [14] Victims of this fraud typically lose thousands of dollars.

Chain Letter Scams

Chain letter scams involve sending an email to a large list of contacts which prompts them to forward it to their own contacts, and so on. In the email you are asked to send a small amount of money to a certain number of contacts and to add your name to the contact list. This supposedly guarantees that in the end a large amount of money will come back your way. The problem with this is that it is a modern-day version of a pyramid scheme: only the original senders ever make any money. Chain letter scams of this nature are illegal in most countries, including Canada and the U.S..

Postal Forwarding/Reshipping Scam

In this scam you are asked, either through emails or online job postings, to receive and then re-ship goods for a foreign company. The goods that come your way, however, are usually stolen or acquired through credit card fraud, making you an accessory to the scammers’ crimes.

“Congratulations, You’ve Won an Xbox…” Scam

This scam begins with an email telling you that you have won a popular gadget, such as a new gaming console, but to receive it, you have to submit your bank account or credit card information to cover shipping charges. Not only will you lose that money but you may also have your bank account or credit card compromised. If you legitimately win a product you will not be asked for any personal financial information or to pay for the shipping.

Gaming Console Threats

Because most gaming consoles today are able to connect to the Internet, they are now susceptible to some of the security issues that are associated with computers. While viruses have not yet become a problem with gaming consoles, the breach of Sony’s Playstation Network – which compromised the data of 77 million users – indicates that hacking and identity theft are a potential risk when using consoles.

CONTACT US FOR ANY SUPPORT

By

Security Tips- Types of spam filters

Security Tips

Never reply to spam. Doing so only identifies your phone, email or IM account as active to the sender and guarantees you will get further unwanted messages. The most effective way to protect against email spam is to use a filtering system: some filters are available to purchase (such as Spamtitan) but there are also spam filters available as free online downloads (POPfile, Spamfence, Spamihilator). When dealing with content that does not offer filtering, such as forums and comment sections, you essentially have to rely on your own better judgment: anything that looks like marketing or advertising or generally out of place usually isn’t worth your attention.

Types of Spam Filters

    • List-based

      filters essentially categorize users as either trusted or not trusted and allow messages only from trusted users. You can use either blacklisting or whitelisting techniques to create your own lists: blacklisting means creating a list that specifies which users to decline mail from, while you can whitelist by creating a list that specifies which users to accept mail from.

    • Content-based

      filters, such as the filters used by most webmail services, evaluate individual messages to determine whether they are legitimate or spam rather than blocking all messages from a particular email address. This is done by evaluating the words and phrases in an individual message. A variety of content filters exist. The most basic are word filters which simply block any message containing certain, pre-specified words. Heuristic filters are a little more sophisticated and evaluate patterns of text and series of words. Bayesian content filters are the most advanced as they use mathematical probability to determine which messages are spam.

    • The most effective way to defend against mobile phone spam is to protect your email address. Avoid giving out your email address in a public forum or, if it is absolutely necessary to do so, write it in such a way that a person can read it but not a computer (for instance, write out the @ sign as “at” or the periods as “dot”). To prevent sales calls on your mobile phone the strategy is very much the same: never give out your mobile number if you do not have to.

    • If you are receiving marketing calls on your mobile phone, you can add your number to the Do Not Call Registry.Telemarketers are not allowed to call numbers on this list: the exceptions are charities registered in Canada, political parties, and general-circulation newspapers. As well, telemarketers can call you if you have an “existing business relationship” with them: this is defined as having bought, leased or rented something from the telemarketer, having a written contract with the telemarketer that is still in effect or has expired less than eighteen months ago, or having asked the telemarketer about a product or survey in the last six months.

    • Well known VoIP providers (such as Vonage or Skype) carry calls through their closed systems and they already implement a certain amount of protection against SPIT. Much the same as with email spam filters, whitelisting seems to work effectively against SPIT because you are creating a safe and closed calling list

CONTACT US FOR ANY SUPPORT

By