How to recognize phishing e-mails or links

A few clues can help you spot fraudulent e-mail messages or links within them.

What does a phishing e-mail look like?

Phishing e-mail messages are designed to steal your identity. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data.

Phishing e-mail messages take a number of forms:

  • They might appear to come from your bank or financial institution, a company you regularly do business with, such as Microsoft, or from your social networking site.
  • They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT.
  • They might ask you to make a phone call. Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don’t respond.
  • They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages.
  • They might include links to spoofed Web sites where you are asked to enter personal information.

Here is an example of what a phishing scam in an e-mail message might look like.

Example of a phishing e-mail message, which includes a deceptive Web address that links to a scam Web site.

To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site.

Here are a few phrases to look for if you think an e-mail message is a phishing scam.

“Verify your account.”

Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.

If you receive an e-mail message from Microsoft asking you to update your credit card information, do not respond: this is a phishing scam.

“You have won the lottery.”

The lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies, such as Microsoft. There is no Microsoft lottery.

“If you don’t respond within 48 hours, your account will be closed.”

These messages convey a sense of urgency so that you’ll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.

What does a phishing link look like?

Sometimes phishing e-mails direct you to spoofed web sites. Here’s an example of the kind of phrase you might see in an e-mail message that directs you to a phishing Web site:

“Click the link below to gain access to your account.”

HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site.

Phishing links that you are urged to click in e-mail messages, on Web sites, or even in instant messages may contain all or part of a real company’s name and are usually masked, meaning that the link you see does not take you to that address but somewhere different, usually an illegitimate Web site.

Notice in the following example that resting (but not clicking) the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s Web address, which is a suspicious sign.

Example of a masked Web address

Con artists also use Web addresses that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the address “www.microsoft.com” could appear instead as:

  • www.micosoft.com
  • www.mircosoft.com
  • www.verify-microsoft.com

This is called “typo-squatting” or “cybersquatting”.
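The altered addresses above differ from the real one by one inserted, omitted or transposed letter, or embed the real name in a different domain, and the earlier example showed a raw numeric address in place of a company name. As an added example (not from the original page), the following check applies those three tests to a link host; the trusted-domain list and the sample addresses are constructed for the example.

```python
# Added example: flag hostnames that imitate a trusted domain by letter
# insertion, omission or transposition, embed the brand in another domain,
# or use a raw IP address. TRUSTED is a constructed allow-list.
import ipaddress
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com", "hotmail.com"}  # constructed for this example

def registrable(host: str) -> str:
    """Last two DNS labels, e.g. 'www.microsoft.com' -> 'microsoft.com'.
    Enough for the .com examples here; real code should consult the
    public-suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a: str, b: str) -> int:
    """Edits needed to turn a into b, counting insertions, deletions,
    substitutions and adjacent transpositions (the alterations the page
    describes)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def classify(url: str) -> str:
    """Return 'trusted', 'ip-address', 'lookalike' or 'unknown' for a URL
    or bare hostname."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        return "ip-address"   # a string of numbers instead of a company name
    except ValueError:
        pass
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        # within two edits of the real name, or brand embedded in another domain
        if edit_distance(domain.split(".")[0], brand) <= 2 or brand in host:
            return "lookalike"
    return "unknown"
```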

How to reduce the risk of online fraud

Online fraud can be annoying and costly for you and might pose serious risks to your computer. You can help reduce online fraud by learning to recognize scams and taking steps to avoid them.

Identity theft has been around for a while, but the cost to consumers has risen since criminals have gone online. Criminals who want to gain access to your online accounts use phishing, hoaxes, or other scams to obtain personal information such as your name, social security number, account name, or password.

Common types of online scams

Here are some common types of scams that you should learn to recognize and avoid.

  • Phishing scams are fraudulent e-mail messages or Web sites designed to trick you into entering personal or financial information. Phishing scams often spoof companies you know and trust, like your bank, and might contain urgent messages with threats of account closures or other alarming consequences. Some phishing e-mail messages and Web sites contain malicious or unwanted software that can enter your computer if you click links or file attachments.
  • Hoaxes include lottery scams and advanced fee fraud scams. For example, an e-mail message might request your help in a financial transaction—such as the transfer of a large sum of money into your account. Or a message might contain a claim that you have received a large inheritance from someone you do not know, or that you have won a lottery that you did not enter.

Six signs of a scam

Be on the lookout for these six things to help protect yourself from scammers.

  1. Generic introductions such as “Dear Customer,” which indicate that the sender does not know you and should not be trusted.
  2. Alarming or urgent statements that require you to respond immediately.
  3. Requests for personal or financial information, such as user names or passwords, credit card or bank account numbers, social security numbers, date of birth, or other information that can be used to steal your identity.
  4. Misspellings and grammatical errors, including Web addresses. The Web address might look very similar to the address of a legitimate business, with a minor change. For example, instead of www.microsoft.com, the scammer might use www.micrsoft.com. For more information, see How to recognize spoofed Web sites.
  5. The text of the link in the e-mail message is different from the Web address that you are directed to when you click the link. You can determine the actual Web address for a link by hovering over the link without clicking it. The Web address appears in a text box above the link.
  6. The “From” line in the original e-mail message to you shows a different Web address than the one that appears when you try to reply to the message.
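Sign 5 (and the masked-link discussion earlier on this page) can be checked mechanically: compare the host named in a link's visible text with the host the href really points to. As an added example (not from the original page), the scanner below does that over a constructed HTML message body.

```python
# Added example: list the anchors in an HTML e-mail whose visible text
# names one host while the href points at a different one. SAMPLE is a
# constructed message body, not a real phishing e-mail.
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text: str) -> str:
    """Lowercase hostname from a URL or bare domain; '' if none."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower()

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def masked_links(html: str) -> list:
    """Return (shown_text, real_host) for links whose text looks like an
    address (contains a dot) but whose host differs from the href's host."""
    parser = AnchorCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        shown, real = host_of(text), host_of(href)
        if shown and "." in shown and real and shown != real:
            flagged.append((text, real))
    return flagged

SAMPLE = """<p>Click the link below to gain access to your account.</p>
<a href="http://192.0.2.45/verify">https://www.microsoft.com/account</a>
<a href="https://www.microsoft.com/">https://www.microsoft.com/</a>
<a href="http://192.0.2.45/verify">Verify your account</a>"""
```

Plain-word link text such as "Verify your account" is not reported by this check, so it complements rather than replaces hovering over the link.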

How can I help prevent a scam from happening to me?

The following suggestions could help you avoid online fraud.

  • Delete spam. Do not open it or reply to it, even to ask to be removed from a mailing list. When you reply, you confirm to the senders that they have reached an active e-mail account.
  • Use caution when you click links in an e-mail message, text message, pop-up window, or instant message. Instead, type Web addresses in a Web browser, or use your online bookmarks.
  • Do not open e-mail attachments or click instant message download links, unless you know who sent the message and you were expecting the attachment or link.
  • Be cautious about providing your personal or financial information online. Do not fill out forms in e-mail messages that ask for personal or financial information.
  • Create strong passwords and avoid using the same password for your bank and other important accounts.
  • Use Internet Explorer 8 or similar Web browsers that include an additional layer of protection with sites that use Extended Validation (EV) SSL Certificates. With Internet Explorer 8, the address bar turns green to notify you that there is more information available about the Web site you are visiting. The identity of the Web site owner is also displayed on the address bar.
  • Visit Microsoft Update to install the latest security updates and turn on the automatic update feature. Keep all other programs updated too; for more information, see How to check for update.
  • Make sure your computer’s firewall is turned on and that you use antivirus software, which should also be regularly updated.
  • Check your bank and credit card statements closely to identify and report any transactions that are not legitimate.
  • Never pay bills, bank, shop, or conduct other financial transactions on a public or shared computer, or over a public wireless network. If you do log on to public computers, look for computers on networks that require a password, which increases security.

What should I do if I notice suspicious activity?

If you think an e-mail message might be fraudulent, we recommend taking the following precautions.

  • Delete the message. Do not respond or click links in it.
  • Report any suspicious activity. (See below for contact information.)
  • If you believe that someone is using your account, you must reset your password. Go to your account login page and click Forgot your password?
  • Fraudulent e-mail messages sometimes contain unwanted or malicious software (also known as malware). If you think you might have malware on your computer, visit Virus Removing.

For more information, see What to do if you’re a victim of fraud.

Report suspicious activity

If you suspect that something is wrong, there are several ways to report the possible fraud.

U.S. agencies

Federal Trade Commission

Additional Resources

Visit these Web sites for additional information about how to protect yourself from fraud in the United States.

What to do if you’ve responded to a phishing scam

If you suspect that you’ve responded to a phishing scam with personal or financial information, take these steps to minimize any damage.

Step 1: Report the incident

Contact the following authorities:

  • Your credit card company, if you have given your credit card information. The sooner an organization knows your account may have been compromised, the easier it will be for them to help protect you.
  • The company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received.
  • In the United States, the Federal Trade Commission. Report the circumstances to the FTC: National Resource for Identity Theft. You can also report the phishing scam to the Anti-Phishing Working Group and to the FTC at spam@uce.gov. To report the scam to these groups:
    Create a new e-mail message addressed to them and attach the phishing e-mail message to the new message.

    Note: You can also copy the entire phishing e-mail message and paste it in the new message.

Step 2: Change all your passwords

Step 3: Routinely review your statements

Review your bank and credit card statements monthly for unexplained charges or inquiries that you didn’t initiate.

Step 4: Use the most up-to-date tools

  • Make sure you are using a fully updated operating system and software: Check for update
  • Install the latest e-mail software with spam and anti-phishing capabilities like Microsoft Office Outlook, Windows Live Mail, or others to help identify and warn you about suspicious e-mails.
  • Use a modern browser like Google Chrome to help detect unsafe or potentially unsafe Web sites as you browse.
  • Install up-to-date antivirus and antispyware software: Malware Prevention

What is phishing?

Phishing (pronounced “fishing”) is a type of online identity theft. It uses e-mail and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.

Con artists might send millions of fraudulent e-mail messages with links to fraudulent Web sites that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information. Criminals can use this information for many different types of fraud, such as to steal money from your account, to open new accounts in your name, or to obtain official documents using your identity.

For more information about phishing scams, see Recognize phishing scams and fraudulent e-mails.

What should I do if I receive an e-mail phishing scam?

If you think you’ve received a phishing scam, delete the e-mail message. Do not click any links in the message.
For more information, see How to handle suspicious e-mail.

How do I report a site that I think might be phishing?

To report a phishing Web site using Internet Explorer 8 and later, on the Safety menu, point to SmartScreen Filter, and then click Report unsafe Website.
To report a phishing Web site using Google Chrome, click the wrench icon, go to Tools, and click Report an issue. In the window that opens, choose “Phishing Page” from the “Where are you having problems?” drop-down menu.
To report a phishing e-mail message using Google Mail or any other Web-based e-mail service (Hotmail, Yahoo, etc.), click Junk or Spam.

What should I do if I receive an e-mail phishing scam that appears to come from Microsoft?

Report the phishing attempt to Microsoft, using the address abuse@msn.com.

What should I do if I think I’ve responded to a phishing scam?

Take these steps to minimize any damage if you suspect that you’ve responded to a phishing scam with personal or financial information or entered this information into a fake Web site.

  • Report the incident to your credit card company if you’ve given credit card information.
  • Change the passwords on all your online accounts.
  • Review your credit card and bank statements weekly.

For more information, see What to do if you’ve responded to a phishing scam.

How do scammers get my e-mail address or know which bank I use?

Criminals who send out phishing scams (often called “phishers”) send out millions of messages to randomly generated e-mail addresses. They fake or “spoof” popular companies in order to fool the largest number of people.