New York Consolidated Laws, General Business Law - GBS § 390-b. Anti-phishing act of 2006

Welcome to FindLaw's Cases & Codes, a free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw's Learn About the Law.

1. This section shall be known as and may be cited as the “anti-phishing act of 2006”.

2. For purposes of this section, the following terms shall have the following meanings:

(a) The term “electronic message” means a message sent or posted to a unique destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the “local part”) and a reference to an internet domain (commonly referred to as the “domain part”), whether or not displayed, to which an electronic message can be sent, delivered or posted.

(b) The term “identifying information” means an individual's (1) social security number;  (2) driver's license number;  (3) bank account number;  (4) credit or debit card number;  (5) personal identification number (PIN);  (6) automated or electronic signature;  (7) unique biometric data;  (8) account passwords;  or (9) any other piece of information that can be used to access an individual's financial accounts or to obtain goods or services.

(c) The term “internet” means collectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the transmission control protocol/internet protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire or radio.

(d) The term “web page” means a location, with respect to the world wide web, that has a single uniform resource locator or other single location with respect to the internet.

3. It is unlawful for any person, by means of a web page, electronic message, or other use of the internet to solicit, request or collect identifying information by deceptively representing himself or herself, either directly or by implication, to be a business or a governmental entity and doing so without the authority or approval of such business or such governmental entity.

4. (a) The attorney general, or any person who either is engaged in the business of providing internet access service to the public or owns a web page or trademark and who is adversely affected by reason of a violation of the provisions of subdivision three of this section, may bring an action against a person who violates the provisions of subdivision three of this section:

(1) to enjoin further violation of the provisions of subdivision three of this section;  and

(2) to recover the greater of:

(A) actual damages;  or

(B) one thousand dollars for each instance in which identifying information is solicited, requested or collected from a person in violation of the provisions of subdivision three of this section.

(b) In an action under paragraph (a) of this subdivision, a court may:

(1) increase the damages up to three times the damages allowed by paragraph (a) of this subdivision where the defendant has been found to have engaged in a pattern and practice of violating the provisions of subdivision three of this section;  and

(2) award costs and reasonable attorney's fees to a prevailing party.

5. Nothing in this section shall in any way limit rights or remedies which are otherwise available under law to the attorney general or any other person authorized to bring an action under subdivision four of this section.

Cite this article: - New York Consolidated Laws, General Business Law - GBS § 390-b. Anti-phishing act of 2006 - last updated January 01, 2021 |

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.

Copied to clipboard