This chapter shall be known and may be cited as the Anti-Phishing Act of 2005.
Chapter 33Anti-Phishing Act of 2005
Section § 22948
This law is called the Anti-Phishing Act of 2005, and it sets out rules to prevent phishing scams.
Anti-Phishing Act 2005 phishing scams fraud prevention online security identity theft email fraud internet safety cybercrime consumer protection deceptive practices digital laws California cybersecurity phishing regulation internet fraud prevention
Section § 22948.1
This law section defines key terms related to electronic communications for a specific chapter. It explains what an 'Electronic mail message' is as a specific destination where messages are sent. 'Identifying information' includes sensitive personal data such as Social Security numbers, bank details, PINs, and other data that could be used for accessing financial accounts. 'Internet' and 'Web page' are defined by their customary meanings, with reference to other legal definitions for 'Internet'.
For the purposes of this chapter, the following terms have the following meanings:
(a)CA Business and Professions Code § 22948.1(a) “Electronic mail message” means a message sent to a unique destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the “local part”) and a reference to an Internet domain (commonly referred to as the “domain part”), whether or not displayed, to which an electronic message can be sent or delivered.
(b)CA Business and Professions Code § 22948.1(b) “Identifying information” means, with respect to an individual, any of the following:
(1)CA Business and Professions Code § 22948.1(b)(1) Social security number.
(2)CA Business and Professions Code § 22948.1(b)(2) Driver’s license number.
(3)CA Business and Professions Code § 22948.1(b)(3) Bank account number.
(4)CA Business and Professions Code § 22948.1(b)(4) Credit card or debit card number.
(5)CA Business and Professions Code § 22948.1(b)(5) Personal identification number (PIN).
(6)CA Business and Professions Code § 22948.1(b)(6) Automated or electronic signature.
(7)CA Business and Professions Code § 22948.1(b)(7) Unique biometric data.
(8)CA Business and Professions Code § 22948.1(b)(8) Account password.
(9)CA Business and Professions Code § 22948.1(b)(9) Any other piece of information that can be used to access an individual’s financial accounts or to obtain goods or services.
(c)CA Business and Professions Code § 22948.1(c) “Internet” shall have the meaning as defined in paragraph (6) of subdivision (f) of Section 17538.
(d)CA Business and Professions Code § 22948.1(d) “Web page” means a location that has a single uniform resource locator or other single location with respect to the Internet.
electronic mail message identifying information social security number bank account number credit card number Internet domain unique biometric data account password Internet web page uniform resource locator PIN automated signature
Section § 22948.2
This law makes it illegal for anyone to use the Internet to pretend to be a business and trick people into giving their personal information without permission from the actual business.
It shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business.
identity theft Internet solicitation impersonation fraudulent representation personal information business authority Internet fraud Web page misuse email deception phishing computer crime online deception business impersonation unauthorized representation
Section § 22948.3
Section 22948.3 allows certain individuals and entities to take legal action against those who violate specific internet-related rules, outlined in Section 22948.2. Internet service providers, website owners, or trademark owners who suffer due to these violations can seek damages of either their actual losses or up to $500,000, whichever is greater. Individuals personally affected can sue but only for direct violations, claiming either three times their actual losses or $5,000 for each incident. The state's Attorney General or district attorney can also enforce this law, imposing penalties up to $2,500 per violation. Courts can increase damages in cases of repeated offenses and award legal costs to winners. Existing legal remedies remain available, and multiple infractions from one act count as a single violation for specific claims.
(a)CA Business and Professions Code § 22948.3(a) The following persons may bring an action against a person who violates or is in violation of Section 22948.2:
(1)CA Business and Professions Code § 22948.3(a)(1) A person who (A) is engaged in the business of providing Internet access service to the public, owns a Web page, or owns a trademark, and (B) is adversely affected by a violation of Section 22948.2.
An action brought under this paragraph may seek to recover the greater of actual damages or five hundred thousand dollars ($500,000).
(2)CA Business and Professions Code § 22948.3(2) An individual who is adversely affected by a violation of Section 22948.2 may bring an action, but only against a person who has directly violated Section 22948.2.
An action brought under this paragraph may seek to enjoin further violations of Section 22948.2 and to recover the greater of three times the amount of actual damages or five thousand dollars ($5,000) per violation.
(b)CA Business and Professions Code § 22948.3(b) The Attorney General or a district attorney may bring an action against a person who violates or is in violation of Section 22948.2 to enjoin further violations of Section 22948.2 and to recover a civil penalty of up to two thousand five hundred dollars ($2,500) per violation.
(c)CA Business and Professions Code § 22948.3(c) In an action pursuant to this section, a court may, in addition, do either or both of the following:
(1)CA Business and Professions Code § 22948.3(c)(1) Increase the recoverable damages to an amount up to three times the damages otherwise recoverable under subdivision (a) in cases in which the defendant has engaged in a pattern and practice of violating Section 22948.2.
(2)CA Business and Professions Code § 22948.3(c)(2) Award costs of suit and reasonable attorney’s fees to a prevailing plaintiff.
(d)CA Business and Professions Code § 22948.3(d) The remedies provided in this section do not preclude the seeking of remedies, including criminal remedies, under any other applicable provision of law.
(e)CA Business and Professions Code § 22948.3(e) For purposes of paragraph (1) of subdivision (a), multiple violations of Section 22948.2 resulting from any single action or conduct shall constitute one violation.
internet access service web page owners trademark ownership actual damages Section 22948.2 injunction civil penalty Attorney General district attorney pattern and practice reasonable attorney’s fees multiple violations internet-related violations contractual disputes legal damages
