Email and web scams: How to help protect yourself
When you read email or surf the Internet, you should be wary of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as "phishing scams" because they "fish" for your information.
On This Page
How to recognize scams
New scams seem to appear every day. We try to keep up with them in our Security Tips & Talk blog. To see the latest scams, browse through our fraud section. In addition, you can learn to recognize a scam by familiarizing yourself with some of the telltale signs.
Scams can contain the following:
Alarmist messages and threats of account closures.
Promises of money for little or no effort.
Deals that sound too good to be true.
Requests to donate to a charitable organization after a disaster that has been in the news.
Bad grammar and misspellings.
For more information, see How to recognize phishing emails and links.
Here are some popular scams that you should be aware of:
Scams that use the Microsoft name or names of other well-known companies. These scams include fake email messages or websites that use the Microsoft name. The email message might claim that you have won a Microsoft contest, that Microsoft needs your logon information or password, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.) For more information, see Avoid scams that use the Microsoft name fraudulently.
Lottery scams. You might receive messages that claim that you have won the Microsoft lottery or sweepstakes. These messages might even look like they come from a Microsoft executive. There is no Microsoft Lottery. Delete the message. For more information, see What is the Microsoft Lottery Scam?
Rogue security software scams. Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not. For more information, see Watch out for fake virus alerts.
How to report a scam
You can use Microsoft tools to report a suspected scam.
Internet Explorer. While you are on a suspicious site, click the Safety button or menu in Internet Explorer 8 and point to SmartScreen Filter. Then click Report Unsafe Website and use the web page that is displayed to report the website.
Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it to firstname.lastname@example.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.
You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.
What to do if you think you have been a victim of a scam
If you suspect that you've responded to a phishing scam with personal or financial information, take these steps to minimize any damage.
Change the passwords or PINs on all your online accounts that you think might be compromised.
Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.
Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
If you know of any accounts that were accessed or opened fraudulently, close those accounts.
Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.
Tools to help you avoid scams
Microsoft offers several tools to help you avoid phishing scams when you browse the web or read your email.
Windows Internet Explorer. In Internet Explorer 8, the domain name in the address bar is emphasized with black type and the remainder of the address appears gray to make it easy to identify a website's true identity.
The SmartScreen Filter in Internet Explorer also gives you warnings about potentially unsafe websites as you browse. For more information, see SmartScreen Filter: frequently asked questions.
Windows Live Hotmail. Microsoft's free webmail program also uses SmartScreen technology to screen email. SmartScreen helps identify and separate phishing threats and other junk email from legitimate email. For more information, see SmartScreen helps keep spam out.
Microsoft Office Outlook. The Junk E-mail Filter in Outlook 2010, Outlook 2007, and other Microsoft email programs evaluates each incoming message to see if it includes suspicious characteristics common to phishing scams. For more information, see How Outlook helps protect you from viruses, spam, and phishing.