Phishing has grown to become a serious fraud on consumers and on electronic commerce all over the world. This thesis has attempted to discuss phishing issues in both technology and legal aspect and has found effective solutions to reduce or eliminate phishing attacks. Fighting against phishing attacks is a technical fight. While the phishers develop their sophisticated attacking technique, financial institutions and ISPs also improve their technical measures and seek to external experts for improving online system security. Current legislation does not provide the victims with adequate criminal remedies. From a legal perspective, a lack of uniformity among state anti-phishing legislation let phishers do some crime action without penalties or get less penalties. In law enforcement, the globalization of Internet and phishing technology has given rise to many unique problems that make investigation and prosecution ineffective. Phishing raise jurisdictional conflicts for law enforcement both at interstates and international level. Additionally, I have attempted to analyze civil responsibility of phisher, customer, business and ISPs, and provide civil remedies for victims to reduce damages caused by phishing.