Navigation Top
AGO Logo Graphic
AGO Header Image
File a Complaint
Contact the AGO

FAQ Header
  Internet Safety Topics
  Communicating Online
  Socializing Online
  Sharing Images Online
  Gaming Online
  Spending & Saving Online
  Identity Theft
  Computing on the Go
  Bullying Online
  Defensive Computing
  Defending your Computer

Credit reports
Fraud alerts
Security freeze
Washington law
Federal law
Business rights & responsiblities
File a complaint

Checking your credit report

What is the difference between a fraud alert and a freeze?

security freeze means that your credit file cannot be shared with potential creditors or insurance companies. You, too, will not be able to open new credit while a freeze is in place. Individuals can request that a freeze be temporarily lifted for the purpose of obtaining new credit.

fraud alert is a less restrictive option and may help prevent fraud. An alert does not block potential new credit, but is merely a comment on your history.

If you don’t qualify for a security freeze you may still be able to request a fraud alert in some cases.

Can I receive copies of my credit reports without requesting a fraud alert or freeze?

Yes. All consumers can obtain a free annual credit report from each of the three major reporting bureaus, regardless of whether they have been identity theft victims. Call 1-877-322-8228 or make a request online at

[back to top ]

Fraud alerts

What is a fraud alert?

An alert places a statement on your credit report. If an imposter attempts to obtain credit in your name, the creditor will check your credit and will encounter a statement that says something to this effect: "I may be a victim of fraud. Call me at my phone number 123-456-7890 before extending credit." Extended fraud alerts may also be available; details are available on the bureaus’ Web sites.

How long is a fraud alert in effect?

An initial fraud alert lasts 90 days. If you are an identity theft victim, you can request an extended fraud alert that remains a part of your credit files for seven years.

How do I place a fraud alert?

Call the toll-free fraud number of any one of the three major credit bureaus to place an initial fraud alert on your credit report for 90 days. The other two credit bureaus will automatically be notified to place fraud alerts, and all three credit reports will be sent to you free of charge.

To place an extended fraud alert, you will need to provide a copy of a police report and proof of your identity.

I’m on active duty in the military; can a relative place a fraud alert for me?

Yes. If you are away from your permanent duty station, you, your spouse or another personal representative may place an active duty alert on your credit file to help minimize the risk of identity theft while you are deployed. Active duty alerts are in effect on your file for one year. If your deployment lasts longer, you can place another alert on your credit file.

The process for placing and removing an active duty alert is the same as the standard alert described above. If you are not on active duty, use the standard fraud alert.

When you place an active duty alert, you'll be removed from the credit reporting companies' marketing list for pre-screened credit card offers for two years unless you ask to go back on the list before then.

[back to top ]

Security freeze

What is a “security freeze”?

A security freeze means that your credit file cannot be shared with potential creditors or insurance companies.

A security freeze can help prevent identity theft since most businesses will not open credit accounts without checking a consumer's credit history first.

A freeze is not 100 percent fail-safe as some creditors can and will issue credit without pulling a credit report. Firms that you have an existing business relationship will be able to pull a report despite the freeze and your information may be released for the purpose of prescreening.

Who can request a security freeze?

Anyone can request a freeze.

How do I request a security freeze?

Write to each of the three bureaus. See our chart for instructions. Keep copies of your request and supporting documentation.

Is there a cost to place, temporarily lift or remove a freeze?

Under current law, identity theft victims and individuals whose information was potentially compromised in a data breach may request a security freeze for free.

Starting Sept. 1, 2008, identity theft victims and adults ages 65 and older will be able to place a freeze for free.

Other consumers pay up to $10 per bureau. Consumers who aren’t entitled to a free freeze would therefore pay a total of $30 to freeze their reports with the three major credit reporting agencies, Equifax, Experian and Trans Union.

Qualifying individuals may be charged a fee to temporarily lift or remove a freeze. Washington’s current law does not address these fees. See chart for details.

Should I sign up for credit monitoring?

The Attorney General’s Office does not endorse or oppose credit monitoring services, and advises consumers to consider whether these services are beneficial. Note that bureaus offer packages that provide credit monitoring -- for an additional cost -- with the ability to freeze your reports.

Do I have to freeze my file with all three credit bureaus?

Yes. Different credit issuers may use different credit bureaus. If you want to stop your credit file from being viewed, you need to freeze it with Equifax, Experian and Trans Union.

How is identity theft defined under Washington law?

Washington’s identity theft law states that no person may knowingly obtain, possess, use, or transfer a means of identification or financial information of another person, living or dead, with the intent to commit, or to aid or abet, any crime. A lost wallet or purse alone would likely not be sufficient grounds for filing or receiving a free freeze. If a thief uses that information to commit fraud, that would qualify.

My information was stolen in a security breach. Do I still need to file a police report?

Under Washington’s current law, a police report is required to request a security freeze. Police departments generally prefer that you file a report only if you are a victim of a crime. In some cases, the business or agency that was the target of the security breach may be willing to provide you with a copy of its police report in order to request a freeze. Beginning September 1, 2008, you may request a freeze for free but unless you provide a police report indicating that you are victim of identity theft, you may be charged a fee.

Can I open new credit accounts if my files are frozen? How long does it take to obtain access to my credit?

You cannot open new credit while a freeze is in place. You can request that a freeze by temporarily lifted. This can take up to three days under current law.

Beginning September 1, 2008, Washington consumers will be able to request a thaw within 15 minutes through an electronic contact method chosen by the credit bureau, or within three business days of receiving a request by mail.

How long does it take for a security freeze to be in effect?

Credit bureaus must place the freeze no later than five business days after receiving your written request. Beginning September 1, 2008, bureaus must place a freeze within five business days after receiving your written request and payment of any required fees.

What will a creditor who requests my file see if it is frozen?

A creditor will see a message or a code indicating that the file is frozen.

Can a creditor get my credit score if my file is frozen?

No. A creditor who requests your file from one of the three credit bureaus will only get a message or a code indicating that the file is frozen.

Can I order my own credit report if my file is frozen?


Can anyone see my credit file if it is frozen?

When you have a security freeze on your credit file, certain entities still have access to it. Your report can still be released to your existing creditors or to collection agencies acting on their behalf. They can use it to review or collect on your account.

Other creditors may also use your information to make offers of credit, unless you opt out of receiving such offers.

Government agencies may have access for collecting child support payments or taxes or for investigating fraud. Government agencies may also have access in response to a court or administrative order, a subpoena, or a search warrant.

Will a freeze lower my credit score?


Does freezing my file mean that I won’t receive pre-approved credit offers?

No. You can stop the pre-approved credit offers by calling 1-888-5-OPTOUT or filing a request online at This will stop most of the offers; the ones that go through the credit bureaus. It’s good for two years or you can make it permanent. Visit our Tips for ID Theft/Privacy page for more information about this service.

What law requires security freezes?

Washington State’s Fair Credit Reporting Act, RCW 19.182, was amended in July 2005 to allow victims of identity theft the ability to place a freeze on their credit. New revisions that take effect September 1, 2008, expand this right to all individuals. Since the revised legislation was approved, the three major credit bureaus have implemented new procedures to allow any consumer to request a freeze.

[back to top ]

Washington's anti-spam law

Although not all spam is illegal, almost all of it is a nuisance. Washington’s 1998 anti-spam statute, which was challenged on constitutional grounds, was upheld by the Washington Supreme Court in 2001. In 2003, the law outlining jurisdiction for Washington district courts was amended to specifically allow these courts to hear spam cases. It now serves as a valuable weapon that individual consumers and the state can use to fight deceptive spam.

In order to be used properly, it is important for consumers to fully understand what the law says.

Washington's law makes it illegal in Washington to send an unsolicited commercial e-mail IF the e-mail is sent:

  • To a Washington e-mail address; or
  • From a computer located in Washington.

AND using:

  • False information identifying the point of origin of the message or that hides the true origin of the sender (Also known as a "False Header");
  • False or misleading information in the subject line; or
  • A third party's e-mail address (domain name) without permission.

The law only applies when a sender knows or has reason to know the e-mail is being sent to Washington.

How does a sender find out if an e-mail address is located in Washington?

  • The sender checks with the domain name registrant (usually the Internet Service Provider) before sending the e-mail;
  • If the information is available, the sender is deemed to know the address is in Washington; or
  • Even if the sender fails to inquire about the information, as long as it's available, the sender is deemed to know.

REGISTER your e-mail and take other steps to make your Washington e-mail address available.

What is Deceptive?

Although spam may be very obnoxious or frustrating to receive, unless it violates one of the elements of Washington’s spam law, it is not illegal in this state. One of the easiest ways to tell if an e-mail violates Washington’s spam statute is to take a look at the subject line of the e-mail and compare it to the text of the message.

Generally, a subject line is considered legally deceptive if it has a tendency or capacity to deceive consumers. It need not actually deceive or harm consumers and there need not be intent to deceive.

If the subject line is NOT deceptive – in that the subject line clearly represents what is being sent, the e-mail does not likely meet this element of the spam statute. Unless you show that another element has been violated, you may not need to file the complaint.

How do I know if it is deceptive?

Carefully examine the body of the e-mail message as it relates to the e-mail’s subject line and ask yourself these questions:

  • Does it accurately describe what is contained in the e-mail? For example, does a subject line describing "important news about your taxes" contain a message with information about a get-rich-quick scheme?
  • Is it a "come-on," attempting to entice you to read the message?
  • Does it create a false sense of urgency?
  • Does it misrepresent the identity of the sender of the message?

Here are a few examples of deceptive subject lines our office has received over the years:

 Subject Line Body of Spam
 "board meeting 3ish" Online pharmacy solicitation
 "URGENT - Account Update" Debt consolidation service
 "well???" Pornography solicitation
 "Check Unclaimed" Debt consolidation service
 "This works - have a look" Online casino solicitation
 "I talked to him yesterday" Online pharmacy solicitation
 "Payment Past Due" Debt consolidation service







19.190.010 Definitions.
19.190.020 Unpermitted or misleading electronic mail – Prohibition.
19.190.030 Unpermitted or misleading electronic mail – Violation of consumer protection act.
19.190.040 Violations – Damages.
19.190.050 Blocking of commercial electronic mail by interactive computer service – Immunity from liability.

View a Background Paper on Washington Supreme Court Case Challenging Washington's Anti-Spam Law.

[back to top ]

Federal anti-spam law

The federal CAN-SPAM Act went into effect on January 1, 2004. The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003) was created by federal lawmakers as a new tool for combating the onslaught of unsolicited commercial e-mail commonly known as "spam." The CAN-SPAM Act preempts all state law that regulates commercial e-mail except to the extent that state law prohibits falsity or deception.

Because Washington State's Spam Law focuses exclusively on falsity and deception, it is not preempted by the new federal law. The federal law therefore generally gives consumers of this state a second, different tool to combat spam. The federal statute:

  • Requires senders of commercial e-mail to provide recipients with the ability to opt out of receiving more e-mail;
  • Requires e-mail to be identified as an advertisement or commercial e-mail;
  • Requires sexually-oriented e-mail be labeled as such in the subject line;
  • Requires the physical address of the sender to be included in the e-mail;
  • Requires the Federal Trade Commission (FTC) to study:
    • The viability of a do-not-spam registry (similar to the recent do-not-call registry );
    • Effects, in general, of commercial e-mail; and
    • The viability of reward system for those who report unlawful spamming.
  • Creates criminal penalties for those who violate substantive provisions of the law; and
  • Does not give consumers a private right of action.

If you would like to file a complaint under the CAN-SPAM Act, the FTC accepts spam complaints at The FTC also provides more detailed information about spam issues and the CAN-SPAM law on the FTC Web site.

The Children's Online Privacy Protection Act (COPPA) is a law that restricts the online collection of personal information from children less than 13 years of age.

The Child Online Protection Act (COPA) is a law in the United States of America, passed in 1998 with the declared purpose of protecting minors from harmful sexual material on the Internet.

[back to top ]

Online business rights and responsibilities

Sharing of Information Relevant to Identity Theft

Victims report that it is extremely difficult to get information related to financial transactions. This provision was added to help victims track down the source of inaccurate entries on their credit report.

If a business has information relating to violations of the Identity Theft Act and may have done business with the thief, the business must provide, upon the request of the victim, copies of all relevant information.

Before providing the requested information, businesses may require the victim to verify his or her identity. Businesses may require proof of identity and charge reasonable fees for providing the information. Businesses may require:

  1. A government issued photo identification card;
  2. A copy of a police report; and
  3. A written statement from the state patrol documenting that the victim's identity has been verified.

Criminal Liability

A business that shares information with others for the purpose of aiding identity theft victims or assisting law enforcement will not be subject to civil or criminal liability if done in good faith.

A business may decline to provide the information when, in good faith and reasonable judgment, it determines that the law does not require the disclosure of the information.

A business that fails to disclose information may be in violation of the Consumer Protection Act. A consumer harmed by such a violation may be awarded actual damages, or, in the case of willful violations, punitive damages of up to $1,000, costs and reasonable attorney's fees.

Victim Identification Procedure

In order to verify identity, an identity theft victim may have fingerprints taken by any law enforcement agency that will then forward to the Washington State Patrol. Once the fingerprints are filed, the State Patrol must provide the victim with a written statement verifying the alleged identity theft and inform the businesses of their obligation to share relevant information with the victim.

Limitations Imposed On Collection Agencies

A collection agency may not call a debtor more than one time in 180 days in order to collect on debts associated with an identity theft, as long as the victim forwards information regarding the alleged theft to the collection agency.

The victim must provide:

  1. A written statement describing the nature of the fraud or theft and identifying the documents and/or accounts involved;
  2. A certified copy of the relevant police report;
  3. Detailed information specifically identifying the relevant financial institutions, account numbers, check numbers, etc
  4. A legible copy of a government issued photo identification card issued before the date of the alleged identity theft; and
  5. A statement that the subject debt is being disputed as the result of identity theft. Collection agencies are only prohibited from calling consumers about transactions which have been identified as fraudulent.

Under certain limited circumstances a collection agency may be free of liability for repeated oral contacts with a debtor, contacts that would otherwise violate the statute. A collection agency does not violate the statute if it acts in good faith and the contacts fall under any one of several specified exceptions.

Limitations Imposed On Reporting Agencies

Within thirty days of receiving proof of a consumer's identification and a copy of a filed police report verifying the consumers claim that he or she is the victim of identity theft, a credit reporting agency must permanently block information from a credit report that may be the result of identity theft.

The consumer reporting agency must tell the entities furnishing information subject to the report that the information has been blocked. Under certain circumstances, such as errors or consumer misrepresentation, the consumer reporting company or the entity providing the information may rescind the block.

[back to top ]

File a junk e-mail complaint with the Washington Attorney General

  1. The link at the bottom of this page will connect you to an e-mail complaint form. You should only complete this form if you have received an e-mail message that violates Washington’s law. A message is illegal if:

    • It is sent for commercial purposes; AND
    • The sender or recipient is located in Washington; AND
    • The message contains:
      • A misleading subject line; OR
      • A false header; OR
      • It uses a third party’s address (domain name) without permission as the point of origin of the e-mail.
    • Visit our Washington Spam Law page for more information to help you decide whether the e-mail you received violates Washington’s law.
  2. To complete the form, enter your responses in the boxes provided for each designated question. If you cannot answer a question, leave the space blank or answer to the best of your knowledge. Please answer the questions as completely as possible. Many of the response boxes will accept large amounts of information. Upon completion, please click on the submit button to send the complaint to Cyber Consumer Resource Center.
  3. Complete one form for each business that sends you illegal e-mail. You can reuse the computer form for as many e-mail complaints as you wish. Use the "previous page" button on your browser to return to the form after submitting each complaint.

What Happens to Your Complaint?

Junk e-mail complaints filed with our office will be entered into our database for potential future enforcement action. Because of the enormous volume of "spam" complaints that we receive, and the difficulty and time needed to track the origin of the spammer, we do not routinely forward consumer complaints to spammers. Similarly, we do not send e-mail responses back to you other than the web-based confirmation you’ll receive after filling out the form. Rather, we monitor our complaints for trends and potential targets for enforcement.

Thank you. We appreciate your efforts to provide this valuable information about illegal e-mail. Without this information, we would be unable to identify the trends that permit us to investigate and litigate cases against illegal spammers.

Junk E-mail AGO Online Complaint
File A Complaint with the FTC

[back to top ]

LOOKBOTHWAYS Inc. © 2008 not for commercial use

Content Bottom Graphic
AGO Logo