1. If you think you’ve received a phishing e-mail message, do not respond to it.
2. Report suspicious e-mail.
Report the e-mail to the faked or “spoofed” organization.
Contact the organization directly—not through the e-mail you received—and ask for confirmation. Or call the organization’s toll-free number and speak to a customer service representative. Report the e-mail to the proper authorities, including the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group. For more information on how to report phishing scams, read What to do if you’ve responded to a phishing scam.
3. Don’t click links in e-mail messages.
Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the destination. Even if the address bar displays the correct Web address, don’t risk being fooled. Con artists can display a fake URL in the address bar on your browser. To see an example of this, read Recognize phishing scams and fraudulent e-mails.
4. Type addresses directly into your browser or use your personal bookmarks.
If you need to update your account information or change your password, visit the Web site by using your personal bookmark or by typing the URL directly into your browser.
5. Check the security certificate before you enter personal or financial information into a Web site.
Make sure the site is secure before you type. In Internet Explorer, you can do this by checking the yellow lock icon on the status bar, as shown in the following example.
Example of a secure site lock icon. If the lock is closed, then the site uses encryption.
The closed lock icon signifies that the Web site uses encryption to help protect any sensitive, personal information that you enter, such as your credit card number, Social Security number, or payment details. It’s important to note that this symbol doesn’t need to appear on every page of a site, only on those pages that request personal information. Unfortunately, even the lock symbol can be faked. To help increase your safety, double-click the lock icon to display the security certificate for the site. The name following Issued to should match the name of the site. If the name differs, you may be on a fake site, also called a “spoofed” site. If you’re not sure whether a certificate is legitimate, don’t enter any personal information. Play it safe and leave.
Tip: If you don’t see the status bar at the bottom of your browser window, click View at the top of the browser, and then select Status Bar to activate it.
6. Don’t enter personal or financial information into pop-up windows.
One common phishing technique is to launch a fake pop-up window when someone clicks a link in a phishing e-mail message. To make the pop-up window look more convincing, it may be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking the red X in the top right corner (a “cancel” button may not work as you’d expect).
7. Use the latest products and services to help warn and protect you from online scams.
• Install the latest e-mail software with spam and anti-phishing capabilities, like Outlook 2003, Windows Live Hotmail or others, to help identify and warn you about suspicious e-mails.
• Install the Microsoft Phishing Filter using Internet Explorer 7 or Windows Live Toolbar. Phishing Filter helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites. Learn more on how to install this new technology.
• Install up-to-date antivirus and antispyware software. Some phishing e-mail contains malicious or unwanted software that can track your activities or simply slow your computer. Try new antivirus and comprehensive computer health services like Windows Live OneCare. To help prevent spyware or other unwanted software, download Windows Defender.
8. Update your computer software.
At Microsoft, we continue to make improvements to our software to help protect your computer. Visit Microsoft Update to scan your computer and install any high-priority updates that are offered to you.
If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.
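The certificate check from tip 5 (the name following Issued to should match the name of the site), written out as an added example that is not part of the original article: it compares the site name you meant to visit with the names in a certificate, using the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`. The certificates and host names are constructed samples, and the function names are this example's own.

```python
# Added example. Certificate data is constructed, in the layout returned by
# ssl.SSLSocket.getpeercert(); the function names are hypothetical.

def issued_to_names(cert):
    """Return the DNS names the certificate was issued to, lower-cased."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        # When DNS alternative names are present they are authoritative;
        # the subject commonName is only a fallback for older certificates.
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Compare one certificate name with a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard allowed only as the whole left-most label, and only
        # above a registered-looking name (rejects patterns such as *.com).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def issued_to_matches(cert, host):
    """True if any name on the certificate matches the intended site."""
    return any(name_matches(name, host) for name in issued_to_names(cert))

# Constructed sample certificates
SITE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}
CN_ONLY_CERT = {"subject": ((("commonName", "secure.example.org"),),)}

if __name__ == "__main__":
    checks = [(SITE_CERT, "www.example.com"), (SITE_CERT, "www.example.net"),
              (WILDCARD_CERT, "shop.example.com"), (WILDCARD_CERT, "example.com"),
              (CN_ONLY_CERT, "secure.example.org")]
    for cert, host in checks:
        ok = issued_to_matches(cert, host)
        print(host, "->", "match" if ok else "MISMATCH: do not enter information")
```

Browsers and TLS libraries make this comparison automatically when they connect; the manual check in tip 5 is the same test done by eye.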