Phishing Law and Legal Definition

Phishing is the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by assuming another's identity in an official-looking email, IM, etc. The user is provided with a convenient link in the same email that takes the email recipient to a fake webpage appearing to be that of a trustworthy company. When the user enters his personal information on the fake page, it is then captured by the fraudster. A message used for phishing purposes often asks the recipient to "verify your account" or to "confirm billing information".

The Anti-Phishing Act of 2005, put forth by Sen. Patrick Leahy (D-Vt.), calls for the criminalization of two essential parts of phishing attacks: establishing and creating web sites with the intent to gather information from victims to be used for fraud or identity theft; and the creation or soliciting of e-mail that represents itself as a legitimate business with similar intent.