Email Phishing Scams
Your inbox has an email from your bank. You open it to find an urgent request to verify your account by re-submitting some account information. Don’t do it! It’s almost certainly an email phishing scam.
These online scams can be sophisticated fakes with logos and an email format exactly like the real thing. It can claim to be from the IRS, Microsoft or your credit card company. Phishing – as in fishing for confidential information – happens when someone attempts to fraudulently obtain and uses your personal or financial information through fraud.
How Email Phishing Scams Work
Phishing scams often play out like this:
- A consumer receives an email which appears to originate from a financial institution, government agency, or other well-known, reputable entity.
- The message describes a compelling reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
- The provided link appears to go to the website of the financial institution, government agency or reputable entity; but in phishing scams, the website belongs to the scammer.
- Once inside the fraudulent website, the consumer may be asked to provide their date of birth, Social Security numbers, account numbers, passwords or other personal identifying information, such as their mother’s maiden name.
- When the consumer provides the information, the scammer can begin to access consumer accounts or assume the person's identity.
Phishing, like its cousin spoofing, often involves requests for credit card numbers, social security numbers, bank account numbers, birth dates, or various passwords. But legitimate businesses and government agencies almost never ask for personal or confidential information in this manner.
Anti-Phishing State Laws
In 2005, California became the first state to enact legislation designed specifically to deter phishing. Under the state's Anti-Phishing Act of 2005, it's unlawful:
"for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business."
"references a name, domain address, phone number or other item of identifying information belonging to any person: (1) without obtaining the other person's consent; (2) with the intent to cause a recipient of the communication to reasonably believe that the other person authorized or transmitted the communication; and (3) with the intent to harm or defraud any person."
A handful of other states have enacted anti-phishing laws.
No Specific Anti-Phishing Federal Statute
On the federal level, Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act in 2003 order to combat “spam” email. But it doesn't specifically mention phishing. That's not to say lawmakers haven't tried to pass federal anti-phishing legislation. But when both the Anti-Phishing Act of 2004 and Anti-Phishing Act of 2005 were introduced in Congress, they both died in committee. Those tougher bills proposed a five-year prison sentence for those convicted of phishing.
Fear not, though, as federal authorities can still prosecute many forms of online fraud via other statutes. While there is no specific mention of "anti-phishing," the strongest laws on the books are 18 U.S.C. section 1028 and related fraud or identity theft laws which could potentially be applied to phishing offenders.
Charged with Operating an Email Phishing Scam? Get Legal Help
If you're facing allegations of operating an email phishing scam or engaging in other fraudulent activities, the burden is on the prosecution to establish your guilt beyond a reasonable doubt. Having an expert criminal defense attorney can make the difference in your case, either by strengthening your defense or by successfully negotiating a plea bargain. Get in touch with a local criminal defense attorney today to discuss your situation and legal options.