According to the National Conference of State Legislatures, phishing refers to the act of sending spam or text messages or creating misleading websites for the purpose of tricking innocent individuals into providing fraudsters with personal information. The websites or messages often appear to be from trustworthy entities. However, they exist for the sole purpose of collecting personal information for fraudulent purposes. Some fraudulent websites collect information as soon as an unsuspecting victim clicks the link. 23 states and Guam have legislation that addresses phishing schemes. California is one of them.

Per California Legislative Information, Chapter 33, Anti-Phishing Act, it is unlawful for any person to request, solicit or otherwise entice another person to provide his or her identifying information via means of a web page, message, electronic mail or other use of the internet. Also, a person or entity may not lure personal information by misrepresenting him, her or itself as a business without prior approval from that business.

If a person successfully brings an action against a person who violates the anti-phishing act, the plaintiff may recover either three times the amount of actual damages or $5,000, whichever is greater for each violation.

The Attorney General may also recover a civil penalty in a phishing case. The Attorney General can recover up to $2,500 per violation. The courts may also award attorney fees and courts costs to the prevailing plaintiff. In addition to fines and civil penalties, the state may also impose criminal penalties on a person found guilty of phishing.