Phishing
What is phishing?
Phishing (pronounced “fishing”) is a type of online identity theft. It uses e-mail and fraudulent websites that are designed to steal personal data or information such as credit card numbers, passwords, account data or other information.
As you read your mail or surf the Internet, beware of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as “phishing” because they “fish” for information.
Fraudsters may send millions of fraudulent e-mail messages, with links to fraudulent websites, that appear to come from trusted sites, such as a credit card company or bank, and request that you provide personal information. Criminals can use this information for different types of fraud, including stealing money from your account, opening new accounts in your name, or obtaining official documents using your identity.
When you read email or surf the Internet, you should be wary of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as “phishing scams” because they “fish” for your information.
Scams can contain the following:
• Alarmist messages and threats of account closures.
• Promises of money for little or no effort.
• Deals that sound too good to be true.
• Requests to donate to a charitable organization after a disaster that has been in the news.
• Bad grammar and misspellings.
Here are some popular scams that you should be aware of:
Scams that use the names of Microsoft, PC Doctor or other well-known companies. These scams include fake email messages or websites that use the Microsoft name. The email message might claim that you have won a Microsoft contest, that Microsoft needs your logon information or password, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.)
Here’s another form of Internet fraud that combines a variety of other common scams: social engineering, fake security software, and phishing.
Cybercriminals have started calling people on the telephone, claiming to be from Microsoft, and offering to help solve their computer problems. Once cybercriminals have gained a victim’s trust, they can do one or more of the following:
• Trick people into installing malicious software on their computer.
• Take control of a victim’s computer remotely and adjust settings in order to leave the computer vulnerable.
• Request credit card information so that cybercriminals can bill for the phony services.
Microsoft will not make unsolicited phone calls to help you with your computer. If you receive a phone call like this, hang up.
Rogue security software scams. Rogue security software, also known as “scareware,” is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not. For more information, see Watch out for fake virus alerts.
How to report a scam
You can use Microsoft tools to report a suspected scam.
• Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
• Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
• Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it to reportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.
You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.
What to do if you think you have been a victim of a scam
If you suspect that you’ve responded to a phishing scam with personal or financial information, take these steps to minimize any damage and protect your identity.
• Change the passwords or PINs on all your online accounts that you think might be compromised.
• Place a fraud alert on your credit reports. Check with your bank or financial advisor if you’re not sure how to do this.
• Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
• If you know of any accounts that were accessed or opened fraudulently, close those accounts.
• Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn’t initiate.
The SmartScreen Filter in Internet Explorer also gives you warnings about potentially unsafe websites as you browse.
• Windows Live Hotmail. Microsoft’s free webmail program also uses SmartScreen technology to screen email. SmartScreen helps identify and separate phishing threats and other junk email from legitimate email.
• Microsoft Office Outlook. The Junk E-mail Filter in Outlook 2010, Outlook 2007, and other Microsoft email programs evaluates each incoming message to see if it includes suspicious characteristics common to phishing scams. For more information, see How Outlook helps protect you from viruses, spam, and phishing.
How phishing operates
• Phishers spam huge numbers of users with a seemingly credible e-mail that instructs the user to visit a Web site (also fraudulent) where they are prompted to enter or update their personal or private information (such as passwords and credit card, social security, and bank account numbers). Phishers also use pop-ups to try and scam users into entering sensitive information.
• What actually happens to the trusting users who submit this information in response to a phishing attempt is that identity thieves steal the user’s information and their accounts are emptied.
• Phishing attempts are extremely sophisticated and it can be extremely difficult to tell if the e-mail or Web site is real. However, no credible organization (like your bank or credit card company) will ever ask you for those kinds of details in an e-mail.
• Phishing got its name from the idea that bait is cast out among many fish, some of which actually bite, become hooked and are reeled in.
Quick Facts
Phishing is a scam where internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims. To avoid getting hooked:
• Don’t reply to email or pop-up messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your Web browser — phishers can make links that look like they go to one place but actually send you to a different site.
• Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
• Don’t email personal or financial information.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
How Not To Get Hooked by a “Phishing” Scam
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
Have you received email with a similar message? It’s a scam called “phishing” — and it involves internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.
Phishers send an email or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet Service Provider (ISP), bank, online payment service, or even a government agency. The message may ask you to “update,” “validate,” or “confirm” your account information. Some phishing emails threaten a dire consequence if you don’t respond. The messages direct you to a website that looks just like a legitimate organization’s site. But it isn’t. It’s a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
We suggest these tips to help you avoid getting hooked by a phishing scam:
• If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your internet browser — phishers can make links that look like they go to one place but actually send you to a different site.
• Area codes can mislead. Some scammers send emails that appear to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. And delete any emails that ask you to confirm or divulge your financial information.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the internet without your knowledge.
Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
A firewall helps make you invisible on the internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Firefox) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
• Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
Check out PayPal’s Phishing Quiz
https://www.paypal.com/fightphishing








