Imagine you receive an email from your bank. You open it to find an urgent request to verify your account by re-submitting sensitive information. Be careful! It may be an email phishing scam.
Online scammers have become more sophisticated with their internet crimes. They often use fake logos and realistic email formats. Phishing, as in fishing for sensitive information, happens when someone attempts to obtain and use your personal or financial information through fraud.
This article summarizes how email phishing works and the laws related to phishing. Consider contacting a consumer protection or criminal defense attorney for more specific information.
How Email Phishing Scams Work
Phishing scams often play out like this:
- A consumer receives an email appearing to originate from a financial institution, government agency, or other entity.
- The message describes why you must enter personal or confidential information. For example, the email may request you “reverify" your information.
- The provided link appears to go to the website of the entity, but, in phishing scams, the website belongs to the scammer.
- Once you visit the fraudulent website, it may ask you to provide personal information. For example, it may ask for your date of birth, Social Security numbers, account numbers, or personal identification numbers. It may also try to get your password or hints about your password, like your mother's maiden name or your dog's name.
- When the consumer provides the information, the scammer can access consumer accounts or assume the person's identity.
Phishing, like spoofing, often involves requests for credit card numbers or bank account numbers. Legitimate businesses and government agencies rarely ask for personal or confidential information in this manner.
Anti-Phishing State Laws
In 2005, California became the first state to enact legislation to deter phishing crimes. Under the state's Anti-Phishing Act of 2005, it's unlawful:
". . . for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business."
Other, broader California computer crime laws are also on the books. Texas also has broad computer crime laws, including making it a crime for anyone who:
". . . references a name, domain address, phone number or other item of identifying information belonging to any person: (1) without obtaining the other person's consent; (2) with the intent to cause a recipient of the communication to reasonably believe that the other person authorized or transmitted the communication; and (3) with the intent to harm or defraud any person."
Almost all states have enacted anti-phishing laws to deter cybercrime. Most phishing scams are misdemeanors.
No Specific Anti-Phishing Federal Statute
Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act in 2003 to combat “spam" email, but the federal law does not specifically mention phishing schemes.
Lawmakers have tried to pass federal anti-phishing legislation. When they introduced the Anti-Phishing Act of 2004 and the Anti-Phishing Act of 2005 in Congress, both bills died in committee. Those bills proposed a five-year prison sentence for those convicted of phishing.
Federal authorities may still prosecute many forms of online fraud via other statutes. While there is no specific mention of anti-phishing, the strongest laws on the books are codified in 18 U.S.C. section 1028. Law enforcement may also apply related fraud and identity theft laws to phishing offenders.
The Federal Bureau of Investigation (FBI) has an Internet Crime Complaint Center (IC3). The FBI encourages anyone affected by internet crime to report it on their website. The IC3 also provides information about protecting yourself from phishing scams.
Charged With Operating an Email Phishing Scam? Get Legal Help
The government must establish your guilt if they accuse you of operating an email phishing scam or other white-collar crime. Having an expert criminal defense lawyer can make a difference in your case. Contact a local criminal defense attorney today to discuss your situation and legal options. An experienced attorney can provide critical legal advice about the following:
- Defense and litigation strategy regarding your criminal case and fraud schemes such as wire fraud and mail fraud
- General information about criminal law and criminal charges
- How a prior criminal record may affect potential sentencing in a fraud conviction
If you are the victim of a phishing scam, contact an expert internet attorney near you.