I’m not a lawyer so what follows may be drivel but leaving aside the points about trademark infringement, surely obtaining personal details by deception is an offence under Data Protection Legislation? Using or selling of the same, also an offence under Data Protection Legislation (when I last looked, Internet fraud was not one of the ‘purposes’ you get to register for on the immensely tedious, multi-page DP registration form we have to complete in the UK). Stealing from other people’s bank accounts, irrespective of how you get hold of the login details – that can’t be legal can it?
Are there any countries where phishing is specifically an offence? Are there any where anti-phishing laws have been considered and discounted on the basis that existing law covers the issue adequately? Please do comment!