Your inbox has an email from your bank. You open it to find an urgent request to verify your account by re-submitting some account information. Don’t do it! It’s almost certainly a phishing scam.
These online scams can be sophisticated fakes with logos and an email format exactly like the real thing. It can claim to be from the IRS, Microsoft or your credit card company.
Phishing – as in fishing for confidential information – happens when someone attempts to fraudulently obtain and uses your personal or financial information through fraud.
How Phishing Scams Work
Phishing scams often play out like this:
Phishing, like its cousin spoofing, often involves requests for credit card numbers, Social Security numbers, bank account numbers, birth dates, or various passwords. But legitimate businesses and government agencies almost never ask for personal or confidential information in this manner.
Anti-Phishing State Laws
In 2005, California became the first state to enact legislation designed specifically to deter phishing. Under the state's Anti-Phishing Act of 2005, it is unlawful:
"for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business."
Other, broader California computer crime laws are also on the books.
Texas also has broad computer crime laws, including making it a crime to:
"Reference the name, domain address, phone number or any other identifying information of a person without that person's consent, intending to cause the recipient to think the message is truly coming from that person, with the intent to harm or defraud someone."
A handful of other states have enacted anti-phishing laws. For more information, FindLaw's state computer crime laws section is a good resource.
No Specific Anti-Phishing Federal Statute
On the federal level, Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act in 2003 order to combat “spam” email. But it doesn't specifically mention phishing. That's not to say lawmakers haven't tried to pass federal anti-phishing legislation. But when both the Anti-Phishing Act of 2004 and Anti-Phishing Act of 2005 were introduced in Congress, they both died in committee. Those tougher bills proposed a five-year prison sentence for those convicted of phishing.
Fear not, though, as federal authorities can still prosecute many forms of online fraud via other statutes. While there is no specific mention of "anti-phishing," the strongest laws on the books are 18 U.S.C. section 1028 and related fraud or identity theft laws which could potentially be applied to phishing offenders.
For more information on other computer-based crimes, visit our Online Scams section.
Get Free Legal Help with Your Cybercrime Charges
If you're facing allegations of operating a phishing scam or engaging in other fraudulent activities, the burden is on the prosecution to establish your guilt beyond a reasonable doubt. Having an expert criminal defense attorney can make the difference in your case, either by strengthening your defense or in negotiating a plea bargain. Get in touch with a defense attorney near you today for a free evaluation of your case.