Email and web scams: How to help protect yourself
When you read email, use a social networking site (like Facebook) or surf the Internet, you should be wary of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as "phishing scams" because they "fish" for your information.
On This Page
How to report a scam
You can use Microsoft tools to report a suspected scam.
Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
Outlook.com (formerly Hotmail). If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Outlook inbox. Click the arrow next to Junk and then point to Phishing scam.
Microsoft Office Outlook 2010 and 2013. Right-click the suspicious message, point to Junk, and then click Report Junk. For more information, see Overview of the junk email filter.
You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.
Report phone scams
Learn about how to report phone fraud in the United States. Outside of the US, contact your local authorities.
How to recognize scams
New scams seem to appear every day. We try to keep up with them in our Security Tips & Talk blog. To see the latest scams, browse through our fraud section. In addition, you can learn to recognize a scam by familiarizing yourself with some of the telltale signs.
Scams can contain the following:
Alarmist messages and threats of account closures.
Promises of money for little or no effort.
Deals that sound too good to be true.
Requests to donate to a charitable organization after a disaster that has been in the news.
Bad grammar and misspellings.
For more information, see How to recognize phishing emails and links.
Here are some popular scams that you should be aware of:
Scams that use the Microsoft name or names of other well-known companies. These scams include fake email messages or websites that use the Microsoft name. The email message might claim that you have won a Microsoft contest, that Microsoft needs your logon information or password, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.) For more information, see Avoid scams that use the Microsoft name fraudulently.
Lottery scams. You might receive messages that claim that you have won the Microsoft lottery or sweepstakes. These messages might even look like they come from a Microsoft executive. There is no Microsoft Lottery. Delete the message. For more information, see What is the Microsoft Lottery Scam?
Rogue security software scams. Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not. For more information, see Watch out for fake virus alerts.
What to do if you think you have been a victim of a scam
If you suspect that you've responded to a phishing scam with personal or financial information, take these steps to minimize any damage and protect your identity.
Change the passwords or PINs on all your online accounts that you think might be compromised.
Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.
Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
If you know of any accounts that were accessed or opened fraudulently, close those accounts.
Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.
Microsoft offers several tools to help you avoid phishing scams when you browse the web or read your email.
Windows Internet Explorer. In Internet Explorer, the domain name in the address bar is emphasized with black type and the remainder of the address appears gray to make it easy to identify a website's true identity.
The SmartScreen Filter in Internet Explorer also gives you warnings about potentially unsafe websites as you browse. For more information, see SmartScreen Filter: frequently asked questions.
Outlook.com. Microsoft's free webmail program (formerly Hotmail) also uses SmartScreen technology to screen email. SmartScreen helps identify and separate phishing threats and other junk email from legitimate email. For more information, see Help keep spam out of your inbox.
Microsoft Office Outlook. The Junk E-mail Filter in Outlook 2013, Outlook 2010, and other Microsoft email programs evaluates each incoming message to see if it includes suspicious characteristics common to phishing scams.
The Junk Email Filter evaluates each incoming message and if it determines that a message is suspicious, the message is sent to the Junk Email folder. The links in the message are also disabled as are the Reply and Reply All commands. In addition, any attachments in the suspicious message are blocked.
For more information, see How Outlook helps protect you from viruses, spam, and phishing.