Phishing campaigners are taking advantage of legislation intended to protect users.
A US phishing campaign is mimicking a Canadian scam taking advantage of the country’s new anti-spam laws, according to security firm Symantec.
Users are sent emails asking for consent to future correspondence with a bank, under the pretence that an American anti-spam law has just come into effect.
Binny Kuriakose, senior security response technician at Symantec, said: "Phishing emails masquerading as banking communications are observed in huge quantities every single day.
"Spammers will often exploit global news and major world events to carry out phishing attacks."
A link in the email sends users to a page purporting to confirm consent of emails to be sent, with users being asked to divulge personal information then used to access their bank account.
The domain name of the phishing page gives away the fraudulent nature of the site, with the link disguised through a URL shortening service.