Search Microsoft Security
Search Microsoft.com

Phishing scams that target activities, interests, or news events

Phishing scams that target activities, interests, or news events

New phishing scams are generated whenever there is a newsworthy event, such as a natural disaster, a national election, or a significant change in the world financial system.

Fake e-cards

E-cards are created the same way websites are: They're built on the Internet, just like this page. So when you send someone an e-card, you send them a link to click, which takes them to the online greeting card you created for them.

This means an e-card you receive could actually be a phishing scam, spam or a spyware installer, or a computer virus.

How to avoid fake e-cards

  • Recognize the sender of the e-card. If you don't know the sender, do not trust the card. Legitimate companies have standard, obvious ways for you to recognize that the email is not a fraud.

    For example, with MSN Greetings, the "from" always shows "Ecard from MSN Greetings" as the display name and "ecards@msn.americangreetings.com" as the email address.

    Make sure you check both the display name and email address of the sender.

  • When in doubt, use alternative viewing methods. Do not click any links when you are not sure of the sender or intent of the email.

    For example, if you use MSN Greetings, you can view your greeting on the MSN Greetings website. Type "msn.americangreetings.com" into your web browser and click the "ecard pickup" link in the upper right-hand corner.

  • Never download or click anything from an unknown source.

  • Be wary of an email message or file attachment from someone you don't know or that seems suspicious.

  • Preview a link's web address before you click it. If the link doesn't show an address, move your mouse pointer over a link without clicking it to see where the link goes. (The address should appear on the bottom bar of your web browser.)

  • Don't accept an end-user agreement without reading the fine print first; you might inadvertently agree to install spyware or something else you don't want.

  • Use established greeting card sites such as MSN Greetings or American Greetings when sending e-cards.

Online job-hunting scams

Phishing scams might also appear as phony job ads, used to convince job hunters to send them personal information. Cyber criminals post their ads on legitimate job sites and often use familiar-looking or convincing company logos, language, and links to fake websites that appear to be those of real organizations.

These sites might also charge fees for services they will never render. Typically, after a few days the thieves close down the scam and disappear.

Best practices for online job hunters

  • Never provide any non-work related personal information such as your social security number, credit card number, date of birth, home address, and marital status online, through email, over the phone, in a fax, or on your resume.

  • List your resume on a job site that allows only verified recruiters to scan them and uses a privacy policy.

  • Verify a prospective employer, recruiter, or recruiting agency through another source such as the Better Business Bureau or a phone book, and then contact them directly—or better yet, visit them in person at the company location during regular work hours.

  • If a prospective recruiter or employer requests a background check, agree to do so only after you have met with them at their company location during regular work hours.

  • Beware of anyone who asks you for money up front in exchange for finding work for you. You should never have to pay for "exclusive" job leads or for a job itself.

  • If you are paying for job placement services, don't provide credit card or bank information or engage in any monetary transactions unless done in person, onsite, with a prospective recruiter or job agency.

  • Carefully evaluate contact information in job ads or related email messages, watching out for spelling errors, an email address that does not feature the company's name, and inconsistencies with area or zip codes.

  • Create an exclusive web-based email address and account for all non-personal communication.

Donation scams

Natural disasters, political campaigns, and global health issues are often the focus of donation phishing scams. For example, in recent years, cyber criminals have taken advantage of earthquakes and tsunamis to create illegitimate "charity" businesses to help the survivors of these events.

Most of these scams begin with an email message or a post in an online forum asking for donations in the name of well-known, legitimate charities. When you click a link, you are taken to a phony website designed to trick you into providing your personal financial information.

How to avoid donation scams

  • Be on guard if you receive an unsolicited email message from a charitable organization asking for money. Don't open any attachments or click any links. Manually type the charity's web address into your browser's address bar and make sure the request is legitimate before you donate.

  • Double-check the spelling of the organization's website in the address bar before looking through the site. Spoofed websites often use deliberate, easily overlooked misspellings to deceive users.

  • On the web page where you enter your credit card or other personal information, look for an "s" after http in the web address of that page. It should read: https://. (Encryption is a security measure that scrambles data as it traverses the Internet.)

  • Make sure that there is a tiny closed padlock in the address bar, or on the lower-right corner of the window.

  • If you are using Internet Explorer, one sign of trustworthiness is that the address bar turns green and displays both https and the closed padlock.

  • Improve your computer's defenses by always using firewall, antivirus, and antispyware software, and making sure to download and install updates for all of your software. Use automatic updates so you don't have to manually install the updates.

  • Use a browser filter that warns you of suspicious websites, such as the SmartScreen Filter in Internet Explorer 8 and the Phishing Filter in Internet Explorer 7.