A Advances in information technology have also led to cybercrime, such as phishing, which is online fraud to obtain personal data with the mode of extortion and threatening. this research discusses two problem formulations: how the application and elements of the crime of online fraud using the phishing method in indonesia, and whether the principle of lex consumen derogat legi consumte has been applied in decision no. 74/pid.sus/2021/pn nga. this research is a normative legal research with a statutory approach, literature study, jurisprudence, and expert interviews. the results show that although phishing has not been explicitly mentioned in the ite law, the act can be qualified as extortion or threatening as regulated in article 27 paragraph (4) jo. article 45 paragraph (4) of the ite law. however, in decision no. 74/pid.sus/2021/pn nga, the judge applied the pornography law instead of the ite law, which is more relevant in substance to the modus operandi of phishing. this shows that the principle of lex consumen derogat legi consumte, which emphasizes the application of specific laws that are more in line with concrete facts, has not been properly applied in the decision. as a result, the application of the law is less than optimal in protecting victims and ensnaring the perpetrators according to their actions. this research emphasizes the importance of the accuracy of the application of articles in cybercrime as well as the need to increase understanding of special legal principles in the context of phishing.