About the AG

  • Subscribe to the AG's RSS Feed
  • Join the AG's FaceBook
  • Follow the AG on Twitter
  • View the AG's YouTube Channel
  • View the AG's Tumblr Page

SPAM / Phishing


Consumers should be on the alert for official-looking emails that are actually spam mail sent by sophisticated identify thieves trying to trick you out of personal information that can be used to drain your bank account, fraudulently get credit cards and commit other crimes.

Spam Alert Don't be fooled! The scam is commonly called "brand spoofing" or "phishing" because the spam mail sent uses familiar or legitimate-sounding names of companies to trick consumers into disclosing confidential personal information. The email may use all or part of a legitimate company's name, and the hyperlink may closely resemble its website, complete with company logo and color schemes that make it look like close to the real thing. For instance, the Earthlink.net spoof used a URL like www.earthlinkservice.com.

“Identity theft is one of the fastest-growing crimes of our times, and the perpetrators net many of their victims on these high-tech phishing expeditions,” notes the Attorney General. “I know Californians are flooded with this particularly harmful spam because my office’s email boxes have been inundated with hundreds of them. To avoid trouble, consumers should be on the alert and delete unsolicited emails.”

Some 2.2 million people every year have their IDs stolen through phishing schemes, according to some published reports. The Gartner Group consulting firm estimated that in 2005 phishing cost consumers nationwide roughly $1 billion.

Small and large companies have been spoofed, such as PayPal, Bank of America, Best Buy and First Union Bank. The emails received look like they may be coming from the company with whom you do business and even use a URL that looks like the real thing but it's not.

One of the latest, ongoing phishing scams targets Chase Bank customers. The phony emails, many of which list their address as reward@chase.net, tempt recipients with the promise of a $20 or $100 credit on their accounts if they simply complete an online survey. The survey requires recipients to provide such ID theft material as PIN number, Social Security number, credit card number and mother’s maiden name.

Other Chase Bank-related phishing scams try to steal personal information by telling recipients such falsehoods as: unauthorized third parties have accessed their accounts; Chase needs to confirm personal data because the bank is implementing a software upgrade; services will be terminated unless renewed immediately; and Chase is launching a new security system because of fraudulent activity on members’ accounts.

Chase does not send customers emails that require the recipients to provide confidential personal information in a response. Additionally, the bank provides customers information about phishing schemes and how to avoid them on its website at www.chase.com .

According to security experts, these types of computer attacks are on the rise because scammers are taking up the tactics, tools and techniques of virus writers and spammers. These scams often are difficult to detect because they can come from anywhere in the world and shut down quickly. Report suspected cases at the federal Internet Fraud Complaint Center.

Be wary if you receive emails that contain:

  • Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member" or "Dear AT&T Member".
  • A false sense of urgency. Many spoof emails try to trick you into acting quickly by warning that failure to comply will result in your account being terminated, suspended or charged a penalty.

For example, AT&T customers were spammed with the following fake notice soliciting credit card account information: "We recently attempted to charge you for your cycle use plan and your credit card issuer denied payment to our billing systems. This usually occurs when billing information is out of date or billing address is false. If your account information is not updated within next 48 hours, we will be forced to terminate your account. Thank you for cooperation towards this urgent matter."

  • Fake web links. Don't click on the link contained in the suspicious email. By clicking on the link, you could be opening your computer to viruses or hidden installation of "key logging" devices that can record everything you type, including user passwords and account information, and have the data sent automatically to the identity thief or be harvested later.
  • Don't trust an unsolicited email. Instead, contact the business by telephone or reach the company's genuine website by typing in the company's URL address into your browser.

While the Attorney General is exploring ways to combat identity theft by working with companies that appear to be the biggest targets of phishing emails, tracking down the scam artists remains a difficult task. Much of the illegal spam comes from outside the United States, such as from Eastern Europe and Asia.

You also can report being spammed to the Federal Trade Commission. Send a copy of the unwanted or deceptive messages to spam@uce.gov, or visit their website, FTC's SPAM.

Some Basic Rules To Avoid Falling Victim

  • When in doubt, throw the email out.
  • Never give out personal information by email.
  • Don't trust email headers. They can be faked.
  • Never fill out a form in an email message. You never know who will get it.
  • Never trust the link in an email message. Scam artists are getting sophisticated and are able to have their web site mirror a legitimate business website.
  • Don't trust email messages on the status of your account. Always go directly to a company's website to access your account information.
  • Don't respond to messages that come with an embedded link and a sense of urgency about your account being closed, temporarily suspended or fee being charged if you don't respond.

Protecting Consumers

State & Federal Laws

You can search California laws on the Internet

California Law

View a checklist of significant California consumer laws

CA Dept of Consumer Affairs

Search U.S. laws on the Internet at U.S. Code

U.S. Code

Megan's Law

California Registered Sex Offender Database

Search Now

Megan's Law information is also available in these languages:

Site Navigation

Translate Website

  • Google™ Translation Disclaimer

This Google™ translation feature is provided for informational purposes only.

The Office of the Attorney General is unable to guarantee the accuracy of this translation and is therefore not liable for any inaccurate information resulting from the translation application tool.

Please consult with a translator for accuracy if you are relying on the translation or are using this site for official business.

If you have any questions please contact:Bilingual Services Program at (916) 324-5482

A copy of this disclaimer can also be found on our Disclaimer page.

Select a Language Below / Seleccione el Idioma Abajo

Close this box or use the [ X ]