Unsolicited e-mail, called spam, is more than just an annoyance for recipients; some of these e-mails are designed to lure recipients into providing confidential personal and financial data. The sender creates e-mails, resembling those from a well-known companies, requesting that the recipient click on a URL provided, which links to a dummy company Web site where the recipient is asked to input personal information. The e-mail sender may then use the information for illegal purposes. This activity, called “phishing,” is on the rise and is expensive for both individuals and industry. Even though most states have provisions in their anti-spam statutes prohibiting the sending of fraudulent unsolicited e-mails, more states are enacting laws aimed specifically at phishing. This article examines the state laws aimed at stopping phishing as well as proposed federal legislation. The article also considers the sufficiency of Internet crime control measures. It concludes with possible solutions to the phishing problem.