How to reduce the risk of online fraud
Published: May 4, 2009
Online fraud can be annoying and costly for you and might pose serious risks to your computer. You can help reduce online fraud by learning to recognize scams and taking steps to avoid them.
Identity theft has been around for a while, but the cost to consumers has risen since criminals have gone online. Criminals who want to gain access to your online accounts use phishing, hoaxes, or other scams to obtain personal information such as your name, social security number, account name, or password.
Common types of online scams
Here are some common types of scams that you should learn to recognize and avoid.
| • | Phishing scams are fraudulent e-mail messages or Web sites designed to trick you into entering personal or financial information. Phishing scams often spoof companies you know and trust, like your bank, and might contain urgent messages with threats of account closures or other alarming consequences. Some phishing e-mail messages and Web sites contain malicious or unwanted software that can enter your computer if you click links or file attachments. For more information, see ID theft and phishing scams. |
| • | Hoaxes include lottery scams and advanced fee fraud scams. For example, an e-mail message might request your help in a financial transaction—such as the transfer of a large sum of money into your account. Or a message might contain a claim that you have received a large inheritance from someone you do not know, or that you have won a lottery that you did not enter. For more information, see Avoid the "Microsoft Lottery" scam and Avoid e-mail hoaxes and fraudulent e-mail scams. |
Six signs of a scam
Be on the lookout for these six things to help protect yourself from scammers.
1. | Generic introductions such as "Dear Customer," which indicate that the sender does not know you and should not be trusted. |
2. | Alarming or urgent statements that require you to respond immediately. |
3. | Requests for personal or financial information, such as user names or passwords, credit card or bank account numbers, social security numbers, date of birth, or other information that can be used to steal your identity. |
4. | Misspellings and grammatical errors, including Web addresses. The Web address might look very similar to the address of a legitimate business, with a minor change. For example, instead of www.microsoft.com, the scammer might use www.micrsoft.com. For more information, see Typos can cost you. |
5. | The text of the link in the e-mail message is different from the Web address that you are directed to when you click the link. You can determine the actual Web address for a link by hovering over the link without clicking it. The Web address appears in a text box above the link.
|
6. | The "From" line in the original e-mail message to you shows a different Web address than the one that appears when you try to reply to the message.
|
How can I help prevent a scam from happening to me?
The following suggestions could help you avoid online fraud.
| • | Delete spam. Do not open it or reply to it, even to ask to be removed from a mailing list. When you reply, you confirm to the senders that they have reached an active e-mail account. |
| • | Use caution when you click links in an e-mail message, text message, pop-up window, or instant message. Instead, type Web addresses in a Web browser, or use your online bookmarks. |
| • | Do not open e-mail attachments or click instant message download links, unless you know who sent the message and you were expecting the attachment or link. |
| • | Be cautious about providing your personal or financial information online. Do not fill out forms in e-mail messages that ask for personal or financial information. |
| • | Create strong passwords and avoid using the same password for your bank and other important accounts. For more information, see Creating a strong password for your e-mail account: why you should and how to do it. |
| • | Before you submit any personal or financial information to a Web site, check to see if the site uses encryption, a security measure that helps protect your data as it traverses the Internet. Signs include a Web address with https ("s" stands for secure) and a closed padlock symbol beside it or in the lower-right corner of the window.
|
| • | Use Internet Explorer 8 or similar Web browsers that include an additional layer of protection with sites that use Extended Validation (EV) SSL Certificates. With Internet Explorer 8, the address bar turns green to notify you that there is more information available about the Web site you are visiting. The identity of the Web site owner is also displayed on the address bar.
|
| • | Visit Microsoft Update to install the latest security updates and turn on the automatic update feature. |
| • | Make sure your computer’s firewall is turned on and that you use antivirus software, which should also be regularly updated.
|
| • | Check your bank and credit card statements closely to identify and report any transactions that are not legitimate. |
| • | Never pay bills, bank, shop, or conduct other financial transactions on a public or shared computer, or over a public wireless network. If you do log on to public computers, look for computers on networks that require a password, which increases security.
|
What should I do if I notice suspicious activity?
If you think an e-mail message might be fraudulent, we recommend taking the following precautions.
| • | Delete the message. Do not respond or click links in it. |
| • | Report any suspicious activity. (See below for contact information.) |
| • | If you believe that someone is using your Windows Live account, you can reset your password. Go to www.login.live.com and click Forgot your password? |
| • | Fraudulent e-mail messages sometimes contain unwanted or malicious software (also known as malware). If you think you might have malware on your computer, go to safety.live.com and scan your computer to check for and remove unwanted software. |
For more information, see What to do if you're a victim of fraud.
Report suspicious activity
If you suspect that something is wrong, there are several ways to report the possible fraud.
Microsoft
| • | If you suspect that you've received a phishing e-mail message, click report phishing scam on the message toolbar in Windows Live Hotmail or forward the entire e-mail message, including the original header information, to abuse@hotmail.com. |
| • | To report the Microsoft Lottery Fraud, send an e-mail message to lotfraud@microsoft.com. |
| • | For any other suspicious activity, go to support.live.com. |
| • | For Hotmail, go to the Hotmail Online Solutions Center. |
U.S. agencies
Federal Trade Commission
Additional Resources
Visit these Web sites for additional information about how to protect yourself from fraud in the United States.
