If you already know phishing is illegal, I still impart upon you the need to read this, as you may not understand just how illegal it is.
Note: This is U.S. law only. It is up to you to find out your laws.
There is an incredible amount to this writing, so only snippets are included. If you REALLY want to know about it, try to read LegalArchiver.Org: Can-Spam Act 2003. I guarantee you won't get through it.
Illegal Activities:
`(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly--
`(1) accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
`(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
`(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
`(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or
`(5) falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses,
(1) PROHIBITION OF FALSE OR MISLEADING TRANSMISSION INFORMATION- It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. For purposes of this paragraph--
(A) header information that is technically accurate but includes an originating electronic mail address, domain name, or Internet Protocol address the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses or representations shall be considered materially misleading;
(B) a `from' line (the line identifying or purporting to identify a person initiating the message) that accurately identifies any person who initiated the message shall not be considered materially false or materially misleading; and
(C) header information shall be considered materially misleading if it fails to identify accurately a protected computer used to initiate the message because the person initiating the message knowingly uses another protected computer to relay or retransmit the message for purposes of disguising its origin.
Then, if you are found guilty, they can increase your sentence if you are found to have:
(I) harvesting electronic mail addresses of the users of a website, proprietary service, or other online public forum operated by another person, without the authorization of such person
Charges:
`(b) PENALTIES- The punishment for an offense under subsection (a) is--
`(1) a fine under this title, imprisonment for not more than 5 years, or both, if--
`(A) the offense is committed in furtherance of any felony under the laws of the United States or of any State; or
`(B) the defendant has previously been convicted under this section or section 1030, or under the law of any State for conduct involving the transmission of multiple commercial electronic mail messages or unauthorized access to a computer system;
`(2) a fine under this title, imprisonment for not more than 3 years, or both, if--
`(A) the offense is an offense under subsection (a)(1);
`(B) the offense is an offense under subsection (a)(4) and involved 20 or more falsified electronic mail or online user account registrations, or 10 or more falsified domain name registrations;
`(C) the volume of electronic mail messages transmitted in furtherance of the offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day period, or 250,000 during any 1-year period;
`(D) the offense caused loss to one or more persons aggregating $5,000 or more in value during any 1-year period;
`(E) as a result of the offense any individual committing the offense obtained anything of value aggregating $5,000 or more during any 1-year period; or
`(F) the offense was undertaken by the defendant in concert with three or more other persons with respect to whom the defendant occupied a position of organizer or leader; and
`(3) a fine under this title or imprisonment for not more than 1 year, or both, in any other case.
Source: LegalArchiver.Org: Can-Spam Act 2003<---The entire Congressional Anti-Spam Act of 2004
TL;DR: Sorry for the wall of text, and if you didn't bother to read through it then at least look down.
Phishing is illegal. Phishing is punishable by law. Although you probably won't be prosecuted for stealing WoW accounts, that does not change the fact that it is illegal, and you can go to jail.
Reference Materials:
LegalArchiver.Org: Can-Spam Act 2003<---The entire Congressional Anti-Spam Act of 2004
New Leahy Bill Targets Internet Phishing That Steals $2 B..yr. From Consumers <---Introduction of The Anti-Phishing Act of 2004
Man phishes 101 years in federal prison - TECH.BLORGE.com <---Good Example of what can happen.
There is No Money in Phishing (But It Still Won't Go Away) - ReadWriteWeb <---
What Is Phishing? <---Another thing about Phishing.