What is Phishing, and Is It a Crime? 

Hook, line, and sinker. Phishing is a serious crime with serious consequences not only for those who commit the activity, but the victims of the offense as well. It may sound like a game of chance, but phishing activity is complex and targeted. 

What is Phishing? 

Phishing is the attempt to steal sensitive information through scam emails or text messages. User names, passwords, bank account numbers, and inside company information are the trophies of a phishing attack. A phishing email or text is sent to the target that contains a link to a malicious website containing malware which can sabotage computer systems, or trick the user into revealing valuable information. 

Phishing attacks can happen to any size organization, or even to a singular individual. A mass phishing attack could indiscriminately send emails to millions of inboxes, or it could target a specific employee at one company. The emails or text messages are realistic, persuasive, and include information that you wouldn’t expect a stranger to know. 

As of 2023, the average cost of a data breach in the United States was $9.48 million, an increase over the previous year of $9.44 million. Phishing is a data breach because it is a security incident that results in unauthorized access to confidential information. Nearly 90% of all cyber attacks begin with phishing. 

The State of New Jersey recognizes phishing as a computer crime which at the state level can be punishable by prison time and fines. Phishing may also result in federal charges with even harsher penalties if convicted. 

Penalties for Phishing

Because such a high percentage of cyber attacks begin with phishing, it’s highly likely that if someone is convicted of phishing, there are other cyber crimes they are guilty of as well. The penalties for phishing, considered a computer crime in New Jersey, vary depending on a few factors. The severity of loss to the victim(s), as well as where the crime took place all come into consideration when assigning a penalty. 

If the crime took place within the state, without crossing state lines, and without causing a loss of considerable value, it most likely will be handled by the State. If the crime took place in New Jersey, but crossed state lines by affecting people or organizations in other states, or caused a considerable monetary loss, it would most likely be considered a federal crime with federal charges. 

According to section 2C: 20-25 of New Jersey’s statutes, it is a third degree offense to access any personal identifying information while executing a scheme to defraud or to obtain services, property, or money from the owner of the computer or any third party. A third degree offense is punishable by 3 to 5 years in prison and up to $15K in fines. 

If the information taken from the computer includes personal identifying information, medical diagnoses, treatments or other medical information identifying information or governmental records that is protected from disclosure, it is a second degree offense. A second degree offense in New Jersey is punishable by 5-10 years in prison and up to $150K in fines. 

If a computer crime affects 10 or more structures, lasts for more than 2 hours, creates a risk of death or bodily injury, causes bodily injury to anyone, and causes damages in excess of $250K, it is considered a first degree offense in New Jersey. This type of offense is punishable by 10-20 years in prison and up to $200K in fines. 

Ways to Avoid Phishing 

Not allowing yourself to become a victim of phishing takes some insight on your part. Some easy, albeit important, steps you can take to lessen your chances of being a victim of phishing include: 

  • Think Before you Click–do not click on random emails and instant messages. Important government agencies, businesses, etc. will not send you an email if there is a problem. Go to the source when in doubt. 
  • Verify a Site’s Security–look for the closed lock icon near the URL, and make sure the URL begins with “https”. 
  • Check Your Online Accounts Regularly–get into the habit of checking your online accounts as well as changing the passwords frequently. 
  • Be Wary of Pop-Ups–many phishing attempts begin with a pop-up. 
  • Never Give Out Personal Information–as a general rule, you should never share any personal or financial information over the Internet. 

What To Do If You’re Accused of Phishing 

If you or someone you know has been accused of phishing, it is imperative to get legal assistance from an experienced, and tech-savvy, attorney. For a phishing conviction to occur, many things must be proven including having the intent, opportunity, and knowledge to carry out a phishing attack. 

The legal team at the Law Offices of Robert J. DeGroot has the experience and expertise to assist you in your defense of phishing charges. 

The Law Offices of Robert J. DeGroot offers a wealth of experience when it comes to handling criminal defense cases. Reach out to us today to learn how we can help!