Phishing/Social Engineering Calculator
Calculate sentencing for phishing and social engineering attacks.
Need Help Understanding Your Sentencing Range?
Our federal defense attorneys have decades of experience navigating the federal sentencing guidelines.
Call (212) 300-5196Get Personalized Legal Guidance
Our attorneys can analyze your specific situation and identify strategies to reduce your sentence.
Phishing/Social Engineering – What You Need to Know
If you’re dealing with a federal case involving phishing/social engineering, you’re facing a legal system that many attorneys frankly don’t understand well enough to handle competently. Calculate sentencing for phishing and social engineering attacks.
Federal cases in this area – whether it’s cybercrime under the CFAA, post-conviction matters like compassionate release or §2255 motions, or Bureau of Prisons sentence computation issues – require specialized knowledge that goes beyond general criminal defense. At Federal Lawyers, this is something we take very seriously. Our attorneys have specific experience handling these exact types of cases, and we know how to navigate the complexities involved.
How These Cases Work in Federal Court
The legal framework for phishing/social engineering involves specialized statutes and guideline provisions that require deep familiarity. For cybercrime cases, the loss calculation under §2B1.1 is often the most contested issue – is “loss” the cost of remediation, the value of stolen data, the revenue the victim lost, or the defendant’s gain? Each methodology produces dramatically different numbers, and the choice of methodology often determines the guideline range.
For post-conviction matters – compassionate release, §2255 habeas motions, sentence computation disputes, supervised release revocation – the procedural requirements are exacting. Missing a filing deadline, failing to exhaust administrative remedies, or applying the wrong legal standard can result in dismissal regardless of the merits. These cases demand attorneys who understand both the substantive law and the procedural landscape.
The Supreme Court’s decision in Van Buren v. United States (2021) narrowed the scope of the CFAA, potentially providing defenses for conduct that was previously charged as federal computer fraud. If you’re facing CFAA charges, this decision could be directly relevant to your case.
What Most People Don’t Realize About Phishing/Social Engineering
In cybercrime cases, the biggest mistake is letting the government define the loss amount without challenge. The CFAA and §2B1.1 provide multiple methodologies, and the government will naturally choose the one that produces the highest figure. You need a technology expert and a forensic accountant to develop an alternative calculation.
In post-conviction cases, the most common error is procedural – filing after the limitations period, failing to exhaust remedies, or raising claims that could have been raised on direct appeal. These procedural defaults can be fatal to meritorious claims. At our law firm, we handle the procedural requirements with the same attention to detail as the substantive arguments.
Why You Need the Right Federal Defense Attorney
These cases require subject-matter expertise that goes beyond general federal defense. You need an attorney who understands the technology in cybercrime cases, the procedural requirements in post-conviction matters, and the BOP’s internal processes for sentence computation issues. Generalists miss things that specialists catch – and in federal court, missing something can cost years.
At Federal Lawyers, we have the specialized expertise to handle these cases at the highest level. Our attorneys stay current on developments in cybercrime law, post-conviction litigation, and BOP policy. If you’re facing one of these issues, we can help – and the first consultation is free.
Get Help Now – Risk Free Consultation
If you’re dealing with a situation involving phishing/social engineering, you need an attorney who gets it – and has experience handling these exact types of cases. At Federal Lawyers, our criminal defense attorneys have over 50 years of combined experience handling federal cases nationwide. We’ve handled some of the toughest cases in the country, and we’re not afraid to fight for the best possible outcome.
When you reach out to our law firm, the process begins with a risk-free consultation. You can ask us anything, regardless of how long it takes. We are available 24/7 to help you. Call us at (212) 300-5196 – your first consultation is free, and completely confidential.
Disclaimer: This calculator provides estimates based on the United States Sentencing Guidelines. It does not constitute legal advice. Federal sentencing involves many factors not captured here – including judicial discretion, cooperation agreements, and individual case circumstances. Always consult with a qualified federal criminal defense attorney.
Frequently Asked Questions
How are phishing and social engineering attacks prosecuted under federal law?
Phishing is prosecuted under: §1028(a)(7) (fraud in connection with identification documents, up to 15 years), §1028A (aggravated identity theft, mandatory 2-year consecutive), §1030(a)(4) (CFAA access fraud, up to 5 years), and §1343 (wire fraud, up to 20 years). For aggregated identity theft schemes, each stolen identity can constitute a separate count. Under USSG §2B1.1, the number of victims and loss amount drive the offense level, with sophisticated means (+2) and mass-marketing (+2) enhancements commonly applied. Phishing kit evidence, domain registration records, and email header analysis provide attribution evidence. Defense counsel should challenge whether the defendant created versus merely purchased/used the phishing tools, contest victim count methodology (attempted versus successful phishing), and argue that certain phishing test activities were authorized penetration testing.
What is the legal significance of the §1028A aggravated identity theft mandatory minimum in phishing cases?
Section 1028A imposes a mandatory 2-year consecutive sentence for using another person's "means of identification" during any of 50+ predicate felonies. In Dubin v. United States (2023), the Supreme Court narrowed §1028A, holding it applies only when the defendant's use of another's identity is "at the crux of what makes the conduct criminal"—incidental use of identity information during another fraud does not qualify. Pre-Dubin, prosecutors routinely stacked §1028A counts to generate enormous mandatory consecutive sentences. Defense counsel should aggressively challenge §1028A counts under Dubin, arguing the identity use was incidental to the fraud scheme rather than central to it. For phishing cases specifically, the use of the victim's credentials to access accounts likely remains "at the crux," but using an employer's name on a fraudulent invoice may not.
