Phishing scams are a common and growing threat in today’s use of technology. Simply checking your emails can lead to your personal information being leaked without your own knowledge. This is due to phishing messages that are skillfully embedded to look like a real message from an official business or other sources.
Through this technique, the recipient is usually asked to put in their personal information that could range from social security numbers, bank account information, or even passwords. Without realizing that these are scams, it’s easy to believe the sender and send over your sensitive information without a thought. Does this make phishing illegal? Here’s the reality: actual laws will differ from place to place.
Some key phrases to beware of when checking your emails could include:
- There has been suspicious login attempts, put in your password here to receive access
- You have won something (a giveaway or coupon), put in the following information to receive it
- There has been a problem with your payment information, click here to find out more
Is phishing illegal?
While the phishing technique is not illegal by itself, all states do have regulations and laws that prevent you from being able to acquire other people’s private information. While it may not explicitly say “Phishing is illegal”, other criminal laws can be applied in that case. However, a select few states do have specific phishing laws and we witness a growing trend in this as this technique becomes more and more popular. While there is no direct federal law that will sanction the act of phishing, there are broader federal laws that do apply to other identity theft crimes.
Along with a spectrum of other laws, the most prevalent factor of determining what kind of crime it is, is the intent behind it. These phishing laws can also be applicable to phishing websites as well, as they are maintained sites with the sole purpose of stealing information. The intent behind these are clear as they are purposely used to mislead their victims.
What wouldn’t be considered phishing includes:
- Owning a business and asking for the buyer’s credit card information
- Genuinely reaching out to the winners of your giveaway to find their address to send their
- Taking your customer’s personal information in order to complete transactions
Similar to many other identity theft cases, phishing doesn’t have to be successful and result in loss of information in order to be formally criminalized. Conviction can still occur if the hacker sends an e-mail or creates a website with the intention of stealing information. Regardless if the individual falls victim to it or not, the individual committing the theft can still be punished according to the law.
If convicted of phishing, there are a number of punishments that could occur from committing this crime depending on the state. While if it isn’t serious, a misdemeanor conviction would be applied instead.
Some common phishing punishments are:
Fines: These misdemeanor fines could be significant amounts of over $10,000 per offense
Prison: If convicted of a felony, it is possible to get a sentencing of 1-5 years
Restitution: Payment that the victims lost but the perpetrator now owes in order to compensate for their losses
Probation: The perpetrator has to follow a strict set of rules/terms that lasts from 1-3 years in which they have to report consistently to a probation officer
Overall, when asked if phishing is illegal, the answer is generally yes. Since the intention of stealing someone’s personal information is to commit identity theft, this could be criminalized.
Further reading: Can iPhones get viruses from websites?