Phishing: Frequently asked questions


Phishing - general

Q. What is phishing?
A.

Phishing (pronounced "fishing") is a type of online identity theft. It uses e-mail and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.

Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company. The messages link to fraudulent Web sites and request that you provide personal information. Criminals can use this information for many different types of fraud, such as to steal money from your account, to open new accounts in your name, or to obtain official documents using your identity.

For more information about phishing scams, see Recognize phishing scams and fraudulent e-mails.

Q. What should I do if I receive an e-mail phishing scam?
A.

If you think you've received a phishing scam, delete the e-mail message. Do not click any links in the message.

For more information, see How to handle suspicious e-mail.

Q. How do I report a site that I think might be phishing?
A.

To report a phishing Web site using Internet Explorer 7, on the Tools menu, point to Phishing Filter, and then click Report This Website.

To report a phishing e-mail message using Windows Live Hotmail, click Junk.

Q. What should I do if I receive an e-mail phishing scam that appears to come from Microsoft?
A.

Report the phishing attempt to Microsoft, using the address abuse@msn.com.

Q. What should I do if I think I've responded to a phishing scam?
A.

Take these steps to minimize any damage if you suspect that you've responded to a phishing scam with personal or financial information or entered this information into a fake Web site.

Report the incident to your credit card company if you've given credit card information.

Change the passwords on all your online accounts.

Review your credit card and bank statements weekly.

For more information, see What to do if you've responded to a phishing scam.

Q. How do scammers get my e-mail address or know which bank I use?
A.

Criminals who send phishing scams (often called "phishers") send millions of messages to randomly generated e-mail addresses. They fake, or "spoof," popular companies in order to fool the largest number of people.

Q. What is spear phishing?
A.

Spear phishing describes any highly targeted phishing attack. Spear phishers send genuine-looking e-mail messages to all the employees or members of a certain company, government agency, organization, or group.

For more information, see Spear phishing: Highly targeted scams.

Recognize phishing scams

Q. Can an e-mail message that contains a company's official logo be a phishing scam?
A.

Yes. Phishing scams often use the official logos of the companies they're trying to spoof. If you think an e-mail message is a phishing scam, delete it. To reach the company's Web site, type the Web address directly into your browser or use your personal bookmarks.

Q. Can I tell if an e-mail message is a phishing scam just by reading it?
A.

Not necessarily. Phishing e-mail messages often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. They might also contain phrases like:

"Verify your account."

"Update your account."

"During regular account maintenance…"

"Failure to update your records will result in account suspension."

For more information, see Recognize phishing scams and fraudulent e-mails.
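The phrases listed above can be matched automatically when triaging reported mail. The following Python sketch is an added example, not code from the original FAQ or from Microsoft. It goes one step beyond the phrase list by also flagging links whose visible text names a different host than the address they open. The names `triage`, `host_of`, `LinkCollector` and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases quoted in the answer above, lowercased for matching.
PHRASES = ("verify your account", "update your account",
           "during regular account maintenance",
           "failure to update your records will result in account suspension")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Return the lowercased host if value is a URL or bare domain, else None."""
    value = value.strip()
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", value, re.I):
        return None
    return urlsplit(value if "://" in value else "http://" + value).hostname

def triage(html_body):
    """Return matched phrases and links whose visible text names another host."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", html_body)).lower()
    mismatched = [(href, shown) for href, shown in parser.links
                  if host_of(shown) and host_of(shown) != host_of(href)]
    return {"phrases": [p for p in PHRASES if p in text],
            "mismatched_links": mismatched}

# Constructed sample message body (not a real e-mail).
SAMPLE = """<p>During regular account maintenance we found a problem.
Please verify your account at
<a href="http://login.example.net/bank">www.examplebank.com</a>.</p>"""
```

A phrase match alone is weak evidence, since legitimate mail uses the same wording; the link mismatch is the stronger signal.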

Q. I received an e-mail message (although it was not sent to my correct e-mail address) that requests banking information. Is that a phishing scam?
A.

Any e-mail message that requests banking information is probably a phishing scam. Most legitimate banks will not request this information by e-mail.

If you receive a message to an e-mail address that is not the one you use to log in to your bank account, this is probably a phishing scam.

For more tips about recognizing phishing scams, see Recognize phishing scams and fraudulent e-mails.

Q. I received an e-mail message telling me I'd won the Microsoft lottery. Is this a phishing scam?
A.

Yes, this is a type of phishing scam known as "advance fee fraud." To learn more, see You have not won the Microsoft lottery.

Prevent ID theft from phishing scams

Q. What can I do to help prevent identity theft from phishing scams?
A.

You can do the following to help protect yourself from phishing scams:

Don't click links in e-mail messages.

Type addresses directly into your browser or use your personal bookmarks.

Check the site's security certificate before you enter personal or financial information into a Web site.

Don't enter personal or financial information into pop-up windows.

Use the Microsoft Phishing Filter.

Update your computer software.

To find out more about these tips, see How to handle suspicious e-mail.

Q. What Microsoft e-mail programs can help protect me from phishing scams?
A.

Most Microsoft e-mail programs come with built-in anti-phishing detection. This detection helps prevent fraudulent e-mail messages from reaching you in the first place.

Anti-phishing detection automatically deletes the e-mail message or moves it to the junk folder depending on the degree of probability that it is a fraudulent message. If a message is moved to the junk folder, your e-mail program notifies you of the threat.

The following programs include anti-phishing detection:

Microsoft Office Outlook 2007

Windows Live Hotmail

Windows Live Mail

Windows Mail

Q. How can Internet Explorer help protect me from phishing scams?
A.

Internet Explorer 7 includes the Microsoft Phishing Filter, which can help protect you from Web fraud and the risks of personal data theft. To learn more, see Phishing Filter: Help protect yourself from online scams.

Q. What is the Microsoft Phishing Filter?
A.

The Microsoft Phishing Filter is a feature of Internet Explorer 7. It's designed to help protect you from fraudulent Web sites that try to steal your personal information.

While you surf the Internet, Phishing Filter analyzes pages and determines if they have any characteristics that might be suspicious. If it finds suspicious Web pages, it shows a yellow warning and advises you to proceed with caution. If the site matches an updated list of reported phishing sites, Phishing Filter notifies you with a red flag that it has blocked the site for your safety.

To learn more, read Phishing Filter: Help protect yourself from online scams.
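The two-tier decision described above, reported list first and heuristics second, can be sketched as follows. This is an added example, not Microsoft's code or the filter's actual logic: the real filter analyzes page content, while this sketch looks only at the URL, and the three traits it checks, the function names and the list contents are all assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for the "updated list of reported phishing sites".
REPORTED_HOSTS = {"login.reported-example.test"}

def suspicious_traits(url):
    """Return the assumed heuristic traits present in the URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    traits = []
    try:
        ipaddress.ip_address(host)          # host is a raw IP, not a name
        traits.append("ip-literal host")
    except ValueError:
        pass
    if parts.username is not None:          # "name@host" form hides the real host
        traits.append("userinfo before host")
    if any(label.startswith("xn--") for label in host.split(".")):
        traits.append("punycode label")     # possible look-alike characters
    return traits

def verdict(url, reported=REPORTED_HOSTS):
    """Map a URL to the filter's three outcomes: red, yellow or none."""
    host = (urlsplit(url).hostname or "").lower()
    if host in reported:
        # A reported site is blocked regardless of how the URL looks.
        return "red", ["on reported list"]
    traits = suspicious_traits(url)
    # Suspicious but unreported sites only earn a caution, as the FAQ notes
    # that such a site might still be legitimate.
    return ("yellow", traits) if traits else ("none", [])
```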

Q. Is Phishing Filter turned on when I install Windows Internet Explorer 7?
A.

No. Phishing Filter is an optional feature you must turn on to use. You can do this when you install Internet Explorer 7 or when you begin to use the browser.

The first time you use Internet Explorer 7, you are asked whether you want Phishing Filter to check Web sites automatically. If you choose to turn on Phishing Filter, it asks your permission to check and — in some cases — sends certain Web site addresses to Microsoft to be checked against a frequently updated list of reported phishing sites. After you turn it on, Phishing Filter alerts you about suspicious or reported phishing Web sites.

To learn more, read Phishing Filter: Help protect yourself from online scams.

Q. What does it mean when a Web site is flagged yellow and "suspicious"?
A.

A suspicious Web site has some of the typical characteristics of phishing Web sites, but it is not on the list of reported phishing Web sites. The Web site might be legitimate, but you should be cautious about entering any personal or financial information unless you are certain that the site is trustworthy.

To learn more, read Phishing Filter: Help protect yourself from online scams.

Q. What does it mean when a Web site is blocked and flagged in red as a reported phishing Web site?
A.

A reported phishing Web site has been confirmed by reputable sources as fraudulent and has been reported to Microsoft. We recommend that you do not give any information to such Web sites.

Q. Where can I get more information about phishing?
A.

For in-depth information, see the following:

What to do if you've responded to a phishing scam

Phishing Filter: Help protect yourself from online scams

What is social engineering?

Stay safe from scams and frauds

Fighting back against identity theft
