What is a phishing scam?
Just when you thought it was safe to go back into your Inbox, there's a new form of spam e-mail on the horizon. This spam is more than just unwanted and annoying. It could lead to the theft of your credit card numbers, passwords, account information, or other personal data. Read on to find out more about this new identity theft scam and to learn how to help protect your privacy.
What is phishing?
Phishing is a type of deception designed to steal your identity. In phishing scams, scam artists try to get you to disclose valuable personal data—like credit card numbers, passwords, account data, or other information—by convincing you to provide it under false pretenses. Phishing schemes can be carried out in person or over the phone, and are delivered online through spam e-mail or pop-up windows.
More information on how phishing works at:
Microsoft's Security At Home
How can I tell if an e-mail message is fraudulent?
Just as in the physical world, con artists will continue to develop new and more sophisticated ways to trick you online.
The following are just a few phrases to watch for if you think an e-mail message is a phishing scam
. Don't forget to trust your instincts. If an e-mail message looks suspicious, that probably means that it is.
If you believe you may have already provided personal or financial information in response to an e-mail message that looked like one of these examples, read What to do if you've responded to a phishing scam.
More information about fraudulent e-mail messages at:
Microsoft's Security At Home
What is spear phishing?
You've probably heard of phishing scams
: fraudulent e-mail messages or fake Web sites designed to steal your identity. Scam artists "phish" in an attempt to persuade millions of people to disclose sensitive information. Now there's a new version of an old scam called "spear phishing," a highly targeted e-mail attack that a scammer will send only to people within a small group, such as a company. The e-mail message might appear to be genuine, but if you respond to it, you might put yourself and your employer at risk.
How spear phishing scams work
Spear phishing describes any highly targeted phishing attack. Spear phishers will send e-mail that appears genuine to all the employees or members within a certain company, government agency, organization, or group. The message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords.
5 tips to help you avoid spear phishing scams
- Never reveal personal or financial information in a response to an e-mail request, no matter who appears to have sent it.
- If you receive an e-mail message that appears suspicious, call the person or organization listed in the From line before you respond or open any attached files.
- Never click links in an e-mail message that requests personal or financial information. Enter the Web address into your browser window instead.
- Report any e-mail that you suspect might be a spear phishing campaign within your company.
- Use the Microsoft Phishing Filter, which scans and helps identify suspicious Web sites, and provides up-to-the-hour updates and reporting on known phishing sites. To learn more, go to How to get Microsoft Phishing Filter.