SPAM

  1. Home
  2. Protecting Consumers
  3. SPAM

En español

If you have an email address, you've likely been spammed with unsolicited commercial messages. Unfortunately, there is no easy way to get rid of this electronic junk mail, but there are steps you can take to reduce the amount of unwanted spam and precautions to take to avoid falling victim to bogus offers slipping into your in-box.

Here are some steps you can take to reduce spam:

  • Use an email filter. Most Internet Service Provides now offer spam filter tools that let you designate the email addresses you want to receive in your in-box and divert messages from unfamiliar sources into a separate folder.
  • Never respond to unsolicited email. Your response is likely to trigger more spam to your email address.
  • Do not send personal information (e.g., credit card numbers, Social Security Number, passwords) in an email. Using spam, identity thieves will try to trick you into disclosing confidential information. These scams are known by such names as "brand spooking" and "phishing."
  • Never sign up with sites that promise to remove your name from spam lists. While some sites are legitimate, many are simply seeking to harvest your email address.
  • Before submitting your email address, check the website's privacy policy regarding the sale of your email address to a third party and your ability to opt out of such commercial uses.
  • Consider using two email addresses to limit public exposure. One email address can be used for more public activities such as chatrooms, newsgroups, online membership directors and business transactions. The other email address can be for personal messages and less likely exposed for harvesting for spam.
  • Complain to your Internet Service Provider to alert them to problems on their system. You also may want to complain to the sender's ISP for possible termination of service for these email abusers.

California law prohibits unsolicited commercial email ads in California. (Bus. & Prof. Code § 17529.) An email ad is unsolicited if you have not given direct consent to receive ads and you don't have a preexisting or current relationship with the advertiser. California law also prohibits commercial email ads in California that:

  • Contain a third party's domain name without that third party's permission;
  • Contain falsified, misrepresented, or forged header information; or
  • Have a subject line that a person knows would be likely to mislead a reasonable recipient about a material fact about the contents or subject matter of the message.

Look-Alike Spam Mail Keeps Surfacing:
Don't Fall Victim To Identity Thieves

Consumers should be on the alert for official-looking emails that are actually spam mail sent by sophisticated identify thieves trying to trick you out of personal information that can be used to drain your bank account, fraudulently get credit cards and commit other crimes.

Spam Alert Don't be fooled! The scam is commonly called "brand spoofing" or "phishing" because the spam mail sent uses familiar or legitimate-sounding names of companies to trick consumers into disclosing confidential personal information. The email may use all or part of a legitimate company's name, and the hyperlink may closely resemble its website, complete with company logo and color schemes that make it look like close to the real thing. For instance, the Earthlink.net spoof used a URL like www.earthlinkservice.com.

“Identity theft is one of the fastest-growing crimes of our times, and the perpetrators net many of their victims on these high-tech phishing expeditions,” notes the Attorney General. “I know Californians are flooded with this particularly harmful spam because my office’s email boxes have been inundated with hundreds of them. To avoid trouble, consumers should be on the alert and delete unsolicited emails.”

Some 2.2 million people every year have their IDs stolen through phishing schemes, according to some published reports. The Gartner Group consulting firm estimated that in 2005 phishing cost consumers nationwide roughly $1 billion.

Small and large companies have been spoofed, such as PayPal, Bank of America, Best Buy and First Union Bank. The emails received look like they may be coming from the company with whom you do business and even use a URL that looks like the real thing but it's not.

One of the latest, ongoing phishing scams targets Chase Bank customers. The phony emails, many of which list their address as reward@chase.net, tempt recipients with the promise of a $20 or $100 credit on their accounts if they simply complete an online survey. The survey requires recipients to provide such ID theft material as PIN number, Social Security number, credit card number and mother’s maiden name.

Other Chase Bank-related phishing scams try to steal personal information by telling recipients such falsehoods as: unauthorized third parties have accessed their accounts; Chase needs to confirm personal data because the bank is implementing a software upgrade; services will be terminated unless renewed immediately; and Chase is launching a new security system because of fraudulent activity on members’ accounts.

Chase does not send customers emails that require the recipients to provide confidential personal information in a response. Additionally, the bank provides customers information about phishing schemes and how to avoid them on its website at www.chase.com .

According to security experts, these types of computer attacks are on the rise because scammers are taking up the tactics, tools and techniques of virus writers and spammers. These scams often are difficult to detect because they can come from anywhere in the world and shut down quickly. Report suspected cases at the federal Internet Fraud Complaint Center.

Be wary if you receive emails that contain:

  • Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member" or "Dear AT&T Member".
  • A false sense of urgency. Many spoof emails try to trick you into acting quickly by warning that failure to comply will result in your account being terminated, suspended or charged a penalty.

For example, AT&T customers were spammed with the following fake notice soliciting credit card account information: "We recently attempted to charge you for your cycle use plan and your credit card issuer denied payment to our billing systems. This usually occurs when billing information is out of date or billing address is false. If your account information is not updated within next 48 hours, we will be forced to terminate your account. Thank you for cooperation towards this urgent matter."

  • Fake web links. Don't click on the link contained in the suspicious email. By clicking on the link, you could be opening your computer to viruses or hidden installation of "key logging" devices that can record everything you type, including user passwords and account information, and have the data sent automatically to the identity thief or be harvested later.
  • Don't trust an unsolicited email. Instead, contact the business by telephone or reach the company's genuine website by typing in the company's URL address into your browser.

While the Attorney General is exploring ways to combat identity theft by working with companies that appear to be the biggest targets of phishing emails, tracking down the scam artists remains a difficult task. Much of the illegal spam comes from outside the United States, such as from Eastern Europe and Asia.