25 Jun 20

What is Phishing? + Laws, Charges & Statute of Limitations

| by

Last Updated on: 5th August 2023, 07:54 pm

Phishing is a crime that happens when a person sends a text message, email, or any other form of communication to another person with the intention of convincing them to reveal their personal information without their knowledge.

The Phishing message is concealed as official or important to the recipient. For instance, a person using a Phishing scam can decide to send a series of emails to a group of individuals and make them look like they came from a renowned company such as Amazon or Facebook.

In most cases the phishing message wants the recipient (s) to provide sensitive information such as login details, personal identification numbers, social security numbers, bank accounts, and other important information.

Phishing Laws

Every state has laws designed to prevent people from acquiring personal information from others. Nonetheless, a majority of states do not have laws that are specific in nature to curb phishing.

In cases where there are no phishing laws in place, other criminal laws are used to prosecute cases.

This is a clear indication that phishing is a criminal act all over the country. Many states across the country are coming up with more specific phishing laws to help curb the increasing rate of cyber-crime activities.

It is also important to note that there is no particular federal statute that regards phishing activities as illegal. The only thing that’s available is laws that that be applied to crimes of that nature.

Charges of phishing crimes

Punishment and penalties for phishing depend on the nature of the criminal act. Different states have their own laws – but a majority of them categorize phishing as a felony with exceptions.

In a situation where the crime is not very serious, the offender may be convicted for a misdemeanor.

Below are the common punishment for phishing crimes:

• A prison or jail term ranging from one to five years
• Restitution – this means the offender must pay back any funds that the individual or institution might have lost as a result of the phishing crime
• Fines that are usually not less several thousand dollars for misdemeanor crimes and as much as $10,000 for every felony offense.
• Probation – that ranges from one to five years. The offender is supposed to abide by all the probation terms during this period.

Guidelines for phishing sentencing

Proving culpability for phishing crimes is not easy. This is because in most cases the perpetrators use sophisticated means to hide their identities. Besides, some operate in foreign countries that have different or no phishing regulations.

That’s the reason why most phishing trials never kick off until the prosecution is confident that they are able to get a conviction. This often leads to defendants asking for plea bargains and if successful they might only get a probation sentence.

Additionally, judges are often lenient in their sentencing if the offender cooperates with investigators to identify other criminals.

Limitations of Phishing statute

In most states, the statute of limitations for phishing crime is five years. The statute is often tolled in case the offender is not in the country or in a different state. This applies to situations where phishing activities are launched from abroad.

How, where and why phishing occurs

Identity theft

Phishing is a disguised form of identity theft. Identity theft is a situation where a person tries to use another person’s personal information in an illegal or fraudulent manner.

Knowing and intentional phishing

Phishing happens when a person intentionally tries to solicit sensitive information by the use of misleading or fraudulent communication.

For someone to be found culpable of this offense, the prosecution must prove that the accused person intentionally sought personal information using a false identity.


Most perpetrators use websites to commit phishing crimes. That’s why most phishing laws target websites used to fraudulently acquire information from unsuspecting online users.

For instance, an offender might send an email to people asking them to visit a certain website and fill their personal details such as names, bank accounts, and social security numbers among others.

The websites are designed to resemble those of banks and other major companies.

Phishing has proved to be one of the most difficult crimes to prosecute. This is due to a lack of specific laws to prosecute offenders.