punishment for cyber crime featured image

What Is the Punishment for Cyber Crime?

Legal AssistantAdministrative Law, Criminal Law, Regulatory Law, Resources

According to the FBI Internet Crime Report, the country loses more than $3.5 billion every year in internet crimes. The bureau’s Internet Crime Complaint Center (IC3) receives an average of 1,300 reports a day from individuals and businesses that have fallen victim to cyber crime.

Criminals are getting smarter by the day and are employing a host of highly sophisticated tactics to defraud unsuspecting victims of their hard-earned cash. Forget about those old infamous Nigerian Prince scams. Internet crime has evolved and takes on many forms, including hacking, identity theft, and computer fraud.

Federal and state governments have put laws in place that criminalize certain online activities. You need to read up on these statutes to understand what qualifies as cyber crime and the associated penalties. Here’s everything you need to know.

What Is Cyber Crime – an Overview

Cyber crime is defined as any criminal offense committed via the internet or aided in some way by various forms of computer technology. This definition has been expanded in recent years to include online harassment on social networks like Instagram, Facebook, and Twitter.

Sending sexually explicit photos using a smartphone also counts as cyber crime. Here are the most common examples of cyber crime you might encounter.

Phishing Scams

This is arguably the most common form of internet crime. It involves a fraudster posing as a legitimate and often well-known entity to trick unsuspecting victims into divulging personal information, including usernames, passwords, bank account information, and credit card numbers.

phishing scam

This mode of deception is a form of social engineering where cybercriminals manipulate victims into doing something.

Phishing Scam Example

Here’s a common phishing technique hackers employ to gain access to your bank account or steal your credit card information.

You hold a checking account at JPMorgan Chase. You receive an email one morning from what appears to be the fraud department at the bank alerting you on “… unauthorized or suspicious activity on your account…”

It might even notify you of “… a large purchase made using your credit card…” and subsequently instruct you to confirm your bank account or credit card details to allow the bank to “investigate” this activity and recover your lost funds.

Phishing scams take advantage of human psychology. Such emails are designed to look identical to the format used by the organization that the criminal is purporting to represent. When you click on the link provided, it directs you to a fake website that looks identical to the real one but with a slightly different address.

So, while the real JPMorgan address is jpmorganchase.com, the fake website may have a URL like jpmorganchaze.com, or any other with a subtle variation that you might not notice right off the bat.

Once you enter your username and password, the hacker would retrieve these credentials from the back-end of the fake site and use them to log into your actual account via the real website.

Online Identity Theft

Gone are the days when your biggest concern was having your wallet stolen on the subway and criminals using your credit card or driver’s license for their sinister motives. Fraudsters can now steal your identity by gaining access to personally identifiable information (PII) through the internet. They do this in any number of ways.

online identity theft

1. Unsecure Websites

When shopping on online sites that don’t have the “https:” prefix on the URL, any information you enter there is accessible to unauthorized third-parties. So, when you input your name, address, date of birth, and credit card information, hackers may gain access to the site’s database and steal your information.

2. Malicious Software

Spyware and other forms of malware can get installed on your device without your knowledge. This can happen in several ways, for instance:

  • Clicking on a pop-up ad
  • Downloading software or files laced with spyware
  • Filling out a form to access downloadable content
  • Opening email attachments from unknown sources
  • Visiting sketchy websites

Spyware runs discreetly in the background without your knowledge. It records all your browsing activities and monitors all the keystrokes on your mobile device or PC. Fraudsters are, therefore, able to collect your PII and use it to commit online fraud.

3. Weak Passwords

Using a weak easy-to-guess password for your financial and social accounts leaves you vulnerable to getting hacked. This is particularly common in accounts that don’t have any active multi-factor authentication security feature.

4. Discarded Mobile Devices and Computers

If you discard your device without wiping all your PII data, it can be an entry point for a fraudster to steal your identity and use it to commit crimes once they get their hands on it.

5. Targeting Kids Online

Children can innocently divulge sensitive personal information without even realizing it. Cybercriminals are increasingly targeting kids to get them to install spyware into their devices without their knowledge. They might achieve this by luring them into clicking on enticing ads or downloading an exciting game designed to capture their attention.


The cyberstalking definition is broad. The crime takes many forms but generally refers to harassment and bullying that takes place via online channels.

cyber crime ransomware

Most cyberstalking cases often start as seemingly harmless interactions between the perpetrator and the victim. These interactions then evolve into threatening messages or negative comments on social media that become annoying and sometimes, downright scary.

Once these messages make you feel harassed, and the perpetrator doesn’t heed your demands for them to stop, then it becomes cyberstalking. It doesn’t always have to involve direct communication. You might not even be aware that you’re being cyberstalked.

If an individual monitors your online activities to gather personal information on you to perpetrate crimes like identity theft, that also constitutes cyberstalking.

Online Harassment Laws

In 1990, California became the first state in the US to enact a specific stalking law. Since then, all 50 states and the District of Columbia have enacted similar laws. However, not all states have specific cyberstalking legislation, and there still isn’t a specific federal law that addresses cyberstalking in all its forms.

Because of this, prosecutors have come to rely on various state penal statutes that prohibit harassment, threats of a terrorist nature, or any actions that would be deemed as intimidating. Such laws also encompass threats convened through telephones, letters, and electronic communication technologies.

Despite this, legal scholars and critics argue that these statutes are inadequate for three main reasons.

  1. They don’t address the repetitive nature of cyberstalking
  2. The existing penal statutes don’t take into account the full range of bizarre behaviors encompassed in cyberstalking activities
  3. They recognize the activity as cyberstalking only if there’s an explicit threat issued by the perpetrator

Some of the states that currently have cyberstalking laws in place include Alabama, Arizona, Connecticut, California, Florida, Oklahoma, Texas, and Wyoming. However, some of these statutes only address the online harassment of minors. They don’t protect adult victims of cyberstalking.

There’s also the issue of online anonymity that makes it difficult for the victims to identify their stalkers. The ongoing debate is how those internet users can be traced without infringing on their constitutionally-protected civil liberties.

Cyberstalking Examples

Cyberstalking takes many forms. Here are some common examples:

  • False accusations – It involves a cyberstalker setting up a blog or website specifically to post false information about the victim. They may also do it in chat rooms and online forums that allow public users to create posts.
  • Flaming – It involves the stalker posting comments laced with profanity or aggression (flamebait) to incite the victim into a heated exchange with them.
  • Gathering information – In this method of cyberstalking, the perpetrator approaches the victim’s friends and family members to obtain personal information to use it against the victim later.
  • Monitoring – The stalker tracks the victim’s online activities to gather data like their passwords and other sensitive information, which they later use to harass the victim or impersonate them.
  • Obsessive text messages – In this form of cyberstalking, the perpetrator sends dozens of text messages to the victim to torment them with baseless accusations.

They may also send these messages through their social media accounts or obsessively comment on their posts to remind them (the victim) of their perpetual presence.

  • Playing the victim – The perpetrator makes false assertions that they are being harassed by the victim. They usually do this with friends, family, and co-workers to garner support.
  • Posting insults – The stalker posts derogatory, insulting, or defamatory statements about the victim. This is common in social media sites like Facebook, Instagram, and Twitter.
cyber crime hacking


Have you ever posted something that you would otherwise be embarrassed to say in public? Maybe it was in an online forum while hiding your real identity. If this is something you frequently do, you better be careful. Someone might just dox you.

If this is the first time you’ve come across the term, you’re likely wondering – what is doxing? The term is short for “dropping dox.” It refers to an online attack in which a hacker digs up personal information and sensitive documents – hence the “dox” – to expose the real identities of individuals who post anonymously.

The goal of doxing is often to shame or embarrass the victim in the hope that the individual in question loses their job or ends up being shunned by friends and co-workers.

In a doxing attack, a hacker may publish the victim’s Social Security Number, credit card information, phone number, real name, home address, personal photos, and even their social media profiles. You might be surprised at just how easy it is for cybercriminals to dig up information on you even when you think your online identity is hidden.

This begs the question – Is it illegal to dox someone? Well, it depends. If the information about you that’s exposed is part of the public record, then no – it is not illegal. So, marriage and divorce records, traffic violations, and arrest records are all fair game.

It is, however, illegal if the information exposed isn’t part of the public record. This includes details like your credit card and bank account information or birth certificate.

DDOS Attack

DDOS is short for Distributed Denial-of-Service. This is a malicious cyberattack where a hacker attempts to disrupt the normal traffic of a network, service, or targeted server, by overwhelming it with a flood of requests.

As a result, the network resources get clogged up, preventing regular traffic from accessing these resources. The most common symptom of a DDOS attack is a service or site suddenly becoming unavailable, extremely slow, or exhibiting other performance-related issues.

Punishment for Hacking

There are several federal laws in place that address hacking. Some of the notable ones include:

  • The Computer Fraud and Abuse Act (CFAA)
  • The Defend Trade Secrets Act (DTSA)
  • The Electronic Communications Privacy Act (ECPA)
  • The Stored Communications Act (SCA)

The CFAA, however, is the main federal anti-hacking statute that outlaws the unauthorized access of another individual’s or entity’s computer system. Here are some examples of CFAA violations and their respective penalties.

  • Obtaining national security information: 10 years for first-time offenders; 20 years for a second conviction
  • Trafficking in passwords: 1 year for first-time offenders; 10 years for a second conviction
  • Unauthorized access to a computer to defraud: 5 years for first-time offenders; 10 years for a second conviction
  • Unauthorized access to a computer to extort: 5 years for first-time offenders; 10 years for a second conviction
  • Unauthorized access to a computer to obtain information:10 years for first-time offenders; 20 years for a second conviction

The monetary penalty associated with a particular cyber crime depends on its severity. A misdemeanor conviction, for instance, could result in a fine of up to $1,000, while a felony conviction may have a fine that exceeds $100,000.

Get the Best Legal Representation for Your Case

If you’re a victim of an internet crime or currently stand accused, you need to first take action on your cyber security posture and then get in touch with a cyber crime lawyer as soon as you can. They are well versed in the laws related to computer crimes and can help you at every stage of your case.

If you have any legal queries, chat online with a Laws101.com attorney today.