
How to recognise a phishing scam email


Article Category: Security



Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.

In this article you will learn:
  • What does a phishing scam look like?
  • Using Internet Explorer 7 to protect you from Web Fraud and the risks of personal data theft
  • How to tell if an e-mail message is fraudulent
  • Use the latest products and services to help warn and protect you from online scams

Recognise phishing

Tip: To see updated examples of popular phishing scams or to report a possible phishing scam, visit the Anti-Phishing Working Group Archive.

Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information. Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.

What does a phishing scam look like?


As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organisations and other identifying information taken directly from legitimate Web sites.

The following is an example of what a phishing scam e-mail message might look like:



To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site.

These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.

Use Internet Explorer 7


Internet Explorer 7 includes a phishing filter, which helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites. (You can learn more about the phishing filter here.)

If you use Internet Explorer 7 you will get another layer of protection with sites that use Extended Validation (EV) SSL Certificates. The address bar should turn green to alert you that there is more information available about the Web site. The identity of the Web site owner is also displayed on the address bar.


An EV SSL certificate not only helps ensure that communication with a Web site is secure, but also includes information about the owner of the Web site, which has been identified by the Certification Authority (CA) issuing the SSL Certificate.

How to tell if an e-mail message is fraudulent


Here are a few phrases to look for if you think an e-mail message is a phishing scam.

"Verify your account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.
If you receive an e-mail from Microsoft asking you to update your credit card information, do not respond: this is a phishing scam. To learn more, read about fraudulent email sent to Microsoft customers that requests credit card information.

"If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.

"Dear Valued Customer."
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

"Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

Notice in the following example that resting (but not clicking) the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

Example of masked URL address

Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
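
The two link checks described above (a visible address that differs from the real target, and a domain that adds, omits or transposes letters of a trusted name) can be automated. The following Python sketch is an added example, not part of the original article; the TRUSTED list, the function names, the distance threshold of 2 and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com"}  # assumption: sites the reader really deals with

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased host without "www."; accepts bare "www.x.com"
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):  # insertions, deletions, substitutions, transpositions
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)  # adjacent letters swapped
    return d[-1][-1]

def check_link(href, text):  # warning signs from the article that apply to one link
    target, flags = host_of(href), []
    if target.replace(".", "").isdigit():  # host is a "string of cryptic numbers"
        flags.append("numeric-host")
    if "." in text and " " not in text and host_of(text) != target:
        flags.append("masked")  # the address shown is not the address linked
    flags += ["lookalike:" + g for g in sorted(TRUSTED) if not ("." + target).endswith("." + g)
              and (g.split(".")[0] in target or edit_distance(target, g) <= 2)]
    return flags

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]

SAMPLE = ('<a href="http://192.0.2.10/login">https://www.microsoft.com/account</a> '
          '<a href="http://www.mircosoft.com/">Verify your account</a>')  # constructed sample
```

Calling scan(SAMPLE) returns each link with the warning signs found for it; an empty list means none of these three checks fired, not that the message is safe.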

Use the latest products and services to help warn and protect you from online scams


To learn more, read "Don't get hooked by email scams". If you believe you may have already provided personal or financial information in response to an e-mail message, read "What to do if you've responded to a phishing scam".