Out-of-State Scammers Targeted: How Colorado is Expanding Its Criminal Reach

The Bottom Line

If an out-of-state scammer steals your identity or hacks your bank account, Colorado currently has a hard time prosecuting them because the crime technically happened elsewhere. This bill changes the rules so that if the victim is sitting in Colorado, the state has the legal authority to go after the bad actor, even if the scammer didn't know the victim was a resident. It's a major legal upgrade for fighting modern remote fraud, especially elder abuse.

What This Bill Actually Does

Right now, under Colorado Revised Statutes 18-1-201, a crime is generally prosecuted here if it was committed wholly or partly in the state. But in the digital age, a scammer in a boiler room in Florida or a hacker in Eastern Europe can empty the bank account of a retiree in Fort Collins without ever setting foot in the Mountain Time Zone. The legal gray area happens when courts try to define whether the "result" of the crime actually occurred in Colorado, making it notoriously tough for local district attorneys to bring charges for out-of-state conduct.

House Bill 26-1060 directly targets this loophole by expanding the state's criminal jurisdiction. It explicitly defines the "result" of a crime to include any injury, loss, or damage that happens to a person located in Colorado. Specifically, it gives the state legal authority if an out-of-state actor damages:

• A thing of value (like stealing money or property).
• Constitutional rights or privileges protected by state or federal law.
• Access to information, specifically including electronic records or accounts.
• The victim's identity (classic identity theft).

Here is the kicker: the bill explicitly states that a defendant doesn't need to have actual knowledge that their victim was located in Colorado. If an out-of-state phisher sends a massive blast of fake emails and a Denver resident clicks one, causing financial loss, that hacker can't use "I didn't know they lived in Colorado" as a defense to avoid prosecution in a Colorado court. The legislation specifically calls out the need to protect the state's elderly population, who are frequent targets of these cross-border schemes.

What It Means for You

For the average Coloradan, this bill serves as a modernized legal shield against the daily barrage of digital threats. Whether it's a text message scam pretending to be the postal service, a ransomware attack on your personal computer, or someone opening a credit card in your name from three states away, this legislation empowers local law enforcement to treat it as a local crime. You wouldn't have to rely entirely on overburdened federal agencies like the FBI to seek justice for a drained savings account.

If you have older parents or grandparents living in the state, this is especially relevant to your household. The Legislative Declaration of the bill points directly to the elderly as the most frequent victims of fraud and cross-border schemes. By making it clear that Colorado courts have jurisdiction over these remote financial crimes, local district attorneys get the green light to pursue the perpetrators aggressively without having their cases tossed out on a geographic technicality.

While the bill sets a clear effective date of July 1, 2026 for offenses committed on or after that day, it's important to be realistic about its practical limits on the ground. Giving a Colorado prosecutor the legal right to file charges against a scammer in another country is very different from actually dragging that person into a Denver courtroom. Extradition is complicated, and tracking down anonymous internet hackers remains incredibly difficult. But for interstate crimes—say, a fraudulent contractor in Wyoming who rips off a homeowner in Greeley—this removes a major legal hurdle to getting your money back and seeing the bad actor punished.

What It Means for Your Business

If you run a business in Colorado, particularly one that handles sensitive customer data or processes digital payments, this jurisdiction expansion is a double-edged sword that mostly swings in your favor. On the positive side, if your company's network is breached by an out-of-state bad actor who steals your access to information or trade secrets, Colorado law enforcement gains explicit authority to prosecute. You can work directly with local authorities you already know and pay taxes to support, rather than hoping a federal agency decides your breach is big enough to pick up the case.

If your Colorado-based business operations regularly cross state lines—maybe you are a real estate developer working with out-of-state vendors, or an e-commerce retailer shipping nationwide—you need to understand the "no actual knowledge" provision. Just as Colorado can prosecute outsiders who harm Coloradans, this legal philosophy signals a tightening net around interstate commerce. If an out-of-state vendor defrauds your business, you have a local avenue for criminal charges. However, it also reminds us that borders matter less than ever in digital commerce.

From an operational standpoint, this highlights the growing necessity of treating digital crimes with the exact same severity as physical theft. Business owners should proactively review their cybersecurity protocols and incident response plans. Knowing that local district attorneys could theoretically prosecute these crimes means that properly documenting a breach, preserving server logs, and maintaining a clear chain of custody for digital evidence will be critical if you ever need to press charges after the July 1, 2026 effective date. It's a great time to consult with your IT provider to ensure you're capable of capturing the kind of evidence a local prosecutor would need to build a rock-solid case against a remote attacker.

Follow the Money

According to the nonpartisan Legislative Council Staff, the financial footprint of this bill is remarkably small. Expanding the definition of jurisdiction is expected to result in Minimal State Revenue and Minimal State Workload impacts. Because local district attorneys and state agencies like the Judicial Department and the Department of Corrections are already handling fraud and identity theft cases on a regular basis, the slight increase in newly eligible out-of-state cases isn't projected to require any massive new funding or tax increases.

At the local level, county district attorney offices and local law enforcement agencies might see a slight bump in their workload. More cases could theoretically lead to higher investigation and prosecution costs, but the state's fiscal analysts believe this won't dramatically flood the legal system. No immediate appropriations or new funding mechanisms are attached to the bill—agencies are expected to simply absorb any minor extra costs within their existing annual budgets.

Where This Bill Stands

HB26-1060 is currently Dead. The latest official action came on 03/04/2026: House Committee on Judiciary Postpone Indefinitely.

That means the bill is no longer advancing this session. In practice, measures that are postponed indefinitely or otherwise declared lost generally stay dead unless they are reintroduced in a future session.