Anti-Phishing Act of 2005:

California legislation that took effect this month of January 2006, includes two new laws against spam and phishing, intended to protect consumers:

SB 355 makes Internet "phishing" -- using e-mail to entice recipients to divulge personal information such as Social Security numbers or credit card numbers in order to commit fraud -- a crime in California.

SB 97 increases penalties for violation of California's anti-spam law. It makes such violations misdemeanors, punishable by a fine of not more than $1,000, imprisonment in a county jail for not more than six months, or by both the fine and imprisonment.

Phishing victims are typically sent fraudulent e-mail designed to trick them into revealing personal information, like bank account numbers, usernames and passwords. Under the Anti-Phishing Act, these victims may seek to recover either the cost of the damages they have suffered or $500,000, whichever is greater; government prosecutors can also seek penalties of up to $2,500 per phishing violation.

Phishing attacks have been on the rise. Research firm Gartner Inc. estimates that 73 million U.S. Internet users received phishing e-mails during the 12 months leading up to May 2005, up 28% from the previous year.

If a commercial e-mail advertisement uses a third party domain name without permission, or has forged header information, or a misleading subject line, it's illegal in California. More interestingly, any of the recipient, the recipient ISP, or the Attorney General can sue for $1000 per message, up to a million dollars per incident.

To limit nuisance suits, the court can decrease the penalty to $100 and $100,000 if the defendant established and implemented, with due care, practices and procedures reasonably designed to effectively prevent unsolicited commercial e-mail advertisements that are in violation of this article.''