Online Fraud: How Federal Charges Work and How to Defend Them

The federal statutes most often used to prosecute online fraud are the wire fraud statute, the Computer Fraud and Abuse Act, the bank fraud statute, the identity theft statutes, and the money laundering statutes, each reaching a different aspect of an online scheme.

Wire fraud, under 18 U.S.C. § 1343, is the workhorse charge, reaching any scheme to defraud that uses interstate wire communications, which nearly all online activity does. The Computer Fraud and Abuse Act, 18 U.S.C. § 1030, addresses unauthorized access to protected computers; after the Supreme Court's Van Buren decision, "exceeds authorized access" is read more narrowly, focused on accessing areas one has no authorization to reach rather than merely violating a policy or terms of service. The bank fraud statute covers schemes to defraud financial institutions. Money laundering under 18 U.S.C. § 1956 reaches not just moving proceeds but concealing their source, promoting the underlying scheme, or evading reporting requirements. Conspiracy and aiding-and-abetting theories can extend liability to people in supporting roles, developers, marketers, payment processors, account "mules," recruiters, and affiliates among them.

The specific statutes charged drive the exposure and the defense. Anti-money laundering counts and aiding and abetting fraud theories frequently expand an online fraud case well beyond the central actor.

Online fraud convictions carry serious penalties, including substantial prison terms, large fines, and mandatory restitution to victims, with the sentence driven heavily by the amount of loss, the number of victims, and the defendant's role in the scheme.

The penalties are severe and statute-specific. Wire fraud generally carries up to 20 years in prison, but the maximum rises to 30 years and a $1,000,000 fine if the offense affects a financial institution or involves certain disaster-related benefits; bank fraud carries up to 30 years and a $1,000,000 fine. Aggravated identity theft under 18 U.S.C. § 1028A adds a mandatory two-year term that generally must run consecutively to the underlying sentence. Beyond the statutory maximums, federal sentencing is shaped by guidelines that weigh the loss amount, the number of victims, the sophistication of the scheme, and the defendant's role, so the calculated loss can dramatically affect the sentence. Courts also order restitution under the Mandatory Victims Restitution Act, which makes restitution mandatory for many fraud offenses and can follow a defendant for years.

The loss amount often matters more than any single statutory maximum. Fraud sentencing guidelines and criminal restitution obligations shape the real-world outcome as much as the charges themselves.

If you learn you are under investigation for online fraud, through a target letter, a subpoena, a search warrant, or an agent's visit, the most important steps are to avoid speaking to investigators without counsel, preserve relevant records, and avoid any action that could look like obstruction.

The instinct to explain or cooperate immediately is understandable but often harmful. Anything said to federal agents can be used to build the case, and even truthful but imprecise statements can create exposure, including separate charges for false statements under 18 U.S.C. § 1001. The better course is to exercise the right to remain silent and to obtain representation before responding, and to avoid casually consenting to searches or handing over devices without understanding the consequences. At the same time, destroying documents, deleting data, or contacting witnesses can create obstruction or tampering charges that are sometimes easier to prove than the underlying fraud, so preservation, not destruction, is essential.

The earliest decisions carry the most weight. Federal and state fraud defense and a measured response to investigators can shape charging decisions before an indictment is ever returned.

Prosecutors often charge multiple counts and multiple statutes from a single online scheme, but cases also resolve in many ways short of trial, through declination, reduced counts, plea negotiation, cooperation, or a restitution-focused resolution, so understanding both the stacking and the off-ramps matters.

Charge-stacking is a defining feature: a single scheme might yield numerous wire fraud counts, one per electronic communication, plus computer fraud, bank fraud, identity theft, and money laundering counts, and conspiracy charges sweeping in others. The effect is to increase exposure and pressure to plead. But many online fraud cases never reach trial. A defense may seek declination before charges, argue that counts are duplicative or the loss is inflated, negotiate a plea to fewer counts, or use cooperation or restitution to reduce exposure. A central task is scrutinizing whether each charge is actually supported and whether the alleged loss is overstated, because the count structure and loss figure drive both sentencing and plea leverage.

The structure of the indictment and the available off-ramps both shape the outcome. Criminal securities and financial fraud cases show how a single scheme can be charged many ways and resolved on many different terms.

Intent to defraud is the central issue in most online fraud cases because fraud is a specific-intent crime, meaning the government must prove the defendant knowingly and willfully participated in a scheme to deceive, not merely that a loss occurred.

A loss or a failed transaction is not fraud unless it was the product of a knowing scheme to deceive. This makes the defendant's state of mind the decisive question. A person who genuinely believed a business was legitimate, who relied in good faith on information from others, or who made an honest mistake lacks the fraudulent intent the crime requires. Prosecutors, however, may try to prove intent through "willful blindness," arguing the defendant deliberately ignored obvious red flags, so the defense must address not only actual knowledge but how the conduct is characterized. Because intent is usually proven through circumstantial evidence, emails, patterns, and conduct, the defense often involves offering an innocent explanation for the same facts the government casts as fraudulent.

The state-of-mind question frequently decides the case. Attempted fraud charges and completed fraud counts alike require proof of intent to deceive, which is where many defenses concentrate.

Identity and evidence issues are especially important in online fraud cases because digital evidence, an IP address, an account login, or a device, often does not conclusively prove who actually committed the act, creating real questions about whether the right person is charged.

Online fraud cases rest on digital evidence, but that evidence has limits. An IP address identifies a connection, not a person; an account can be accessed by others or compromised; a device may be shared. These gaps can support a misidentification defense or undermine the government's proof that the defendant, rather than someone else, carried out the scheme. The defense also scrutinizes how the evidence was obtained, whether searches and data collection were lawful, and whether the chain of custody and forensic analysis are reliable. In a field built on digital traces, challenging the link between the data and the defendant is often a central part of the defense.

The gap between digital traces and a specific person is a frequent defense focus. Cybercrime and cyber financial crime cases turn heavily on whether the digital evidence actually proves who acted.

Online fraud, as a criminal matter, is using the internet or electronic communications to obtain money, property, or data through deception. There is no single "online fraud" statute; instead, prosecutors charge the conduct under whichever laws fit, commonly wire fraud, the Computer Fraud and Abuse Act, bank fraud, identity theft, and money laundering. A single online scheme frequently violates several of these at once, because it can involve wire communications, computer access, financial institutions, and personal information simultaneously. That is why online fraud cases often involve multiple stacked charges from one course of conduct, each a felony with its own penalties. The breadth of these statutes, especially wire fraud, lets prosecutors reach a wide range of online conduct.

Take it very seriously and be careful about what you do next. A target letter means prosecutors consider you a likely subject of charges, and the investigation is well underway. The most important steps are to avoid speaking to investigators without representation, because even truthful but imprecise statements can deepen your exposure or create separate false-statement charges under 18 U.S.C. § 1001, and to preserve, not destroy, any records, since deleting data or contacting witnesses can lead to obstruction charges that are easier to prove than the underlying fraud. You should also avoid casually consenting to searches or turning over devices without understanding the consequences. The pre-indictment stage is critical, because how the investigation is handled can influence whether charges are filed and on what terms.

The penalties are serious and depend on the specific statutes charged. Wire fraud generally carries up to 20 years in prison, rising to 30 years and a $1,000,000 fine when a financial institution or certain disaster-related benefits are involved, and bank fraud carries up to 30 years and a $1,000,000 fine. Aggravated identity theft adds a mandatory two-year term that generally runs consecutively. Beyond statutory maximums, federal sentencing is driven heavily by the calculated loss amount, the number of victims, the sophistication of the scheme, and the defendant's role. Courts also order restitution under the Mandatory Victims Restitution Act, which is mandatory for many fraud offenses. Because prosecutors often stack multiple counts from one scheme, the combined exposure can be far greater than any single charge suggests.

Possibly, but a genuine lack of knowledge is a strong defense, because fraud requires intent to defraud. The government must prove you knowingly and willfully participated in a scheme to deceive, not merely that you were involved in a transaction that turned out to be fraudulent. If you genuinely believed the business was legitimate, relied in good faith on others, or made an honest mistake, you lacked the fraudulent intent the crime requires. That said, prosecutors may try to prove knowledge through circumstantial evidence, and "willful blindness" to obvious red flags can sometimes substitute for actual knowledge. So while lack of knowledge is a central defense, its strength depends on the specific facts, what you knew, and how the evidence is interpreted.

Through digital and financial evidence, but that evidence has real limits. Investigators gather bank and payment records, subpoena platforms for account and device data, trace wire transfers and cryptocurrency, and seek cooperation from participants. However, this evidence often does not conclusively identify who acted: an IP address identifies a connection rather than a person, accounts can be accessed by others or compromised, and devices can be shared. These gaps can support a misidentification defense or undermine the government's proof. The defense also examines whether the data was lawfully obtained and whether the forensic analysis is reliable. Because online fraud cases are built on digital traces, the link between that data and a specific defendant is frequently contested.

It can be either, but it is very often federal. Because online activity almost always crosses state lines through interstate wire communications, federal statutes like wire fraud apply readily, and federal agencies and prosecutors handle many significant online fraud cases. States also have their own fraud, computer crime, and identity theft laws, and some cases are prosecuted at the state level or by both. Federal cases tend to carry the most severe exposure, driven by the sentencing guidelines and mandatory restitution. Which sovereign prosecutes depends on the scheme's scope, the amount of loss, the agencies involved, and charging decisions, so an online fraud matter can involve federal authorities, state authorities, or both at once.