Phishing: Sentencing and Penalties

The crime of phishing occurs when a person sends an e-mail, text message, or other communication to someone else in an attempt to convince the recipient to reveal sensitive personal information.

Updated January 03, 2023

The crime of phishing occurs when a person sends an e-mail, text message, or other communication to someone else in an attempt to convince the recipient to reveal sensitive personal information. Phishing scams attempt to conceal the fraudulent nature of the message by portraying it as some sort of official communication. For example, someone engaging in a phishing scam might send out a mass e-mail that looks as if it originated from a well-known company, such as eBay or Bank of America, or from a government agency, such as the Federal Trade Commission.

Phishing

Phishing messages ask the recipient to send sensitive information, such as the person's name, date of birth, Social Security number, account passwords, personal identification numbers, and anything else a criminal can use to commit identity theft. The end goal of these phishing scams is to acquire information the criminal can use to open fraudulent accounts in the victim's name, or otherwise fraudulently access or use the victim's identity for financial gain.

Identity Theft

Phishing is really just one type of a broader category of crime known as identity theft. Identity theft covers any instance where someone attempts to use someone else's personal information in a fraudulent or illegal manner, though phishing scams are very common.

Knowing and Intentional

Phishing occurs when someone intentionally tries to obtain sensitive information by using fraudulent or misleading communications. If, for example, you send someone an e-mail message and that person responds with a message that includes personal information, this doesn't mean you have committed phishing. To be found guilty of this crime you must intentionally solicit the sensitive information by portraying yourself to be someone you are not, with the intention to defraud the message's recipient.

For example, if you run a small business and send an e-mail to a customer asking for his or her credit card number, this is not phishing. However, if you pretend to be a representative of a bank or a government agency and you are not, that is phishing.

Websites

Phishing laws also apply to websites that are set up to acquire sensitive information. For example, an email might direct people to visit a website that asks them to enter their names, social security numbers, and bank account numbers. These websites are designed to look like legitimate websites, such as those owned by a bank or company. Anyone creating or operating a site is also guilty of phishing.

Attempt and Acquisition

Like other forms of identity theft, phishing does not rely upon a successful attempt. In other words, you can be convicted of phishing if you send out an e-mail simply in an attempt to persuade others to provide you with the desired information. The person who receives the message does not have to respond to you, and even if a response is sent, you do not have to use the sensitive information to be convicted of phishing.

State Laws

While all states have laws that prohibit fraudulently acquiring someone else's personal information, not all states have laws that specifically address phishing. According to the National Conference of State Legislatures, a minority of states currently have specific phishing laws. However, even in those states that do not have specific phishing laws, other criminal laws can apply to phishing activity (computer crimes, identity theft), meaning the activity is a crime in every state. States without these laws may also adapt phishing laws as the crime becomes more common.

Federal Laws

While phishing is covered under various state laws, there is no single federal statute that directly criminalizes this type of activity. However, there are broader federal criminal laws that do apply to phishing and other identity theft crimes. For example, because phishing involves solicitations that are usually sent over the Internet, the federal law against wire fraud is often used to punish phishing crime on a federal level.

Penalties

The penalty for a phishing crime depends greatly on the nature of the circumstances surrounding the case. State laws differ significantly, and while most laws that specifically target phishing categorize the crime as a felony, some of these crimes might be punished as a misdemeanor or felony in other states. Misdemeanors are considered less serious than felonies, though a conviction for either brings the possibility of significant criminal penalties.

  • Jail or prison. A phishing conviction can easily result in a year or more in prison if you're convicted of a felony. Laws differ widely, but penalties of up to five years in prison are possible with felony convictions. Misdemeanor convictions can result in up to a year in jail.
  • Fines. Being convicted of a phishing crime can also lead to a significant fine. Misdemeanor fines typically do not exceed a couple of thousand dollars, while felony fines can be as much as $10,000 or more per offense.
  • Restitution. If the phishing activity resulted in a victim losing money the court will impose a restitution order. This order requires you to pay the victim to compensate for the loss. The amount of restitution will differ from case to case, but they are always made in addition to any fines imposed.
  • Probation. A phishing conviction can also result in a probation sentence, especially where a person has not been convicted of crimes before. Probation typically lasts from 1 to 3 years, though in some cases it might last longer. When you are on probation you have to comply with specific probation terms. These terms can often differ, but usually include such requirements as regularly reporting to probation officer, maintaining employment, paying all required fines and restitution, and not committing any more crimes while you are on probation.

Talk to an Attorney

If you are charged with, or suspected of, a phishing crime, you should consult with an experienced criminal defense attorney near you. Local attorneys will know what laws apply in your case and can advise you what to do based on their experience with the local criminal justice system.

DEFEND YOUR RIGHTS
Talk to a Defense attorney
We've helped 95 clients find attorneys today.
There was a problem with the submission. Please refresh the page and try again
Full Name is required
Email is required
Please enter a valid Email
Phone Number is required
Please enter a valid Phone Number
Zip Code is required
Please add a valid Zip Code
Please enter a valid Case Description
Description is required

How It Works

  1. Briefly tell us about your case
  2. Provide your contact information
  3. Choose attorneys to contact you