Phishing (pronounced "fishing") is a type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.
Con artists might send millions of fraudulent email messages with links to fraudulent websites that appear to come from websites you trust, like your bank or credit card company, and request that you provide personal information. Criminals can use this information for many different types of fraud, such as to steal money from your account, to open new accounts in your name, or to obtain official documents using your identity.
For more information about phishing scams, see Email and web scams: How to help protect yourself.
If you think you've received a phishing scam, delete the email message. Do not click any links in the message.
Whenever you receive a phone call or see a pop-up window on your PC and feel uncertain whether it is from someone at Microsoft, don’t take the risk. Reach out directly to one of our technical support experts dedicated to helping you at the Microsoft Answer Desk. Or you can simply call us at 1-800-426-9400 or one of our customer service phone numbers for people located around the world.
You can also use Microsoft tools to report a suspected phishing scam.
Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
Outlook.com (formerly Hotmail). If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Outlook inbox. Click the arrow next to Junk and then point to Phishing scam.
Microsoft Office Outlook 2010 and 2013. Right-click the suspicious message, point to Junk and then click Report Junk.
You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.
Take these steps to minimize any damage if you suspect that you've responded to a phishing scam with personal or financial information or entered this information into a fake website.
Change the passwords or PINs on all your online accounts that you think could be compromised.
Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.
Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email.
If you know of any accounts that were accessed or opened fraudulently, close those accounts.
Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.
Criminals who send out phishing scams (often called "phishers") send out millions of messages to randomly generated email addresses. They fake or "spoof" popular companies in order to fool the largest number of people.
For more information, see How do spammers get my email address?