Be vigilant. Be suspicious. And follow these simple guidelines to help reduce your chances of getting hooked by a phishing scam.
Get free protection against phishing
The Windows Live OneCare Advisor for the Windows Live Toolbar is a free download that automatically scans Web sites you visit and warns you if they are potentially suspicious. It will also block you from providing personal information to a known phishing Web site.
Never give sensitive personal information in a message
Most businesses will not ask for passwords, account or credit card numbers, or other confidential information in an e-mail, instant message, or pop-up window. While browsing, be particularly suspicious of windows that do not include the address bar. If you think you've received a phishing e-mail message, just delete it without responding.
Make sure the Web site is legitimate
Do not enter personal information unless you're sure you are giving it to a Web site you trust and that the site takes appropriate steps to protect your data. Find out if the site uses encryption to protect your data. Look for “https” (the s is for “secure”) in the Web address, and check for a tiny closed padlock or an unbroken key icon in your browser window.
On some systems, the padlock (and key) can be faked, so double-click it to display the security certificate for the site. Look for a match between the name on the certificate and in the address bar. If the name differs, you may be on a faked site. If you have even the slightest doubt about a site's legitimacy, play it safe and leave.
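The comparison described above, between the name on the certificate and the name in the address bar, written out as an added example that is not part of the original article. The certificate data and host names are constructed samples, shaped like the dictionary Python's `ssl.SSLSocket.getpeercert()` returns, and the function names are hypothetical.

```python
# Added example: does the host in the address bar appear on the certificate?
# Runs offline; SAMPLE_CERT is a constructed sample, not a real certificate.

SAMPLE_CERT = {
    "subject": ((("commonName", "example-bank.test"),),),
    "subjectAltName": (("DNS", "example-bank.test"),
                       ("DNS", "*.example-bank.test")),
}

def dns_names(cert):
    """DNS names the certificate covers: SAN entries, else the common name."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # fallback for older certificates that carry only a CN
        for rdn in cert.get("subject", ()):
            names += [v for key, v in rdn if key == "commonName"]
    return names

def name_matches(pattern, host):
    """Compare one certificate name with a host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False  # a wildcard never stands for more than one label
    if p[0] == "*" and len(p) >= 3:
        p, h = p[1:], h[1:]  # "*" accepted only as the whole leftmost label
    # Any other "*" (partial or misplaced wildcard) is rejected on purpose.
    return "*" not in "".join(p) and p == h

def site_matches_certificate(cert, address_bar_host):
    return any(name_matches(n, address_bar_host) for n in dns_names(cert))

def review(cert, hosts):
    """Return (host, verdict) pairs for a list of address-bar host names."""
    return [(h, "match" if site_matches_certificate(cert, h) else "MISMATCH")
            for h in hosts]

if __name__ == "__main__":
    constructed_hosts = [
        "www.example-bank.test",            # covered by the wildcard entry
        "www.examp1e-bank.test",            # look-alike spelling
        "example-bank.test.login.example",  # trusted name used as a prefix
    ]
    for host, verdict in review(SAMPLE_CERT, constructed_hosts):
        print(f"{verdict:8} {host}")
```

A mismatch here corresponds to the case the article warns about: the site you are on is not the one the certificate was issued to.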
What does it mean?
encryption: Encoding electronic information in such a way that it is unreadable to all but those possessing the key to the code.
firewall: A security solution which segregates one portion of a network from another, allowing only authorized network traffic to pass through.
phisher: A malicious user or Web site that deceives people into revealing personal information, such as account passwords and credit card numbers.
Be wary of clicking a link in a message or pop-up window
If you get an e-mail, instant message, or pop-up window that asks for personal information, do not click the link. Doing so could take you to a phony site where any information you give may be sent to the phisher who built it.
If you're unsure whether a message is genuine, call the company by using the telephone number on a past statement or the telephone book. To visit the company’s Web site, type the address (do not copy and paste), or use your own bookmark or Favorites list.
Routinely review your financial statements
Carefully check all your credit card and bank statements monthly and regularly log on to any online accounts. If you review your bank and credit card statements often, you may be able to catch con artists and stop them before they cause significant damage.
Improve your computer's security
Phishers hope you haven't been applying the latest security fixes, and may try to take advantage of the vulnerabilities those fixes would have closed. Some phishing e-mail may contain malicious or unwanted software that can track your activities or simply slow down your computer.
To improve your computer's protection, Microsoft suggests that you use a firewall and antivirus software, update them routinely, and keep your Windows and Office software up to date. See our checklist for PC security for more information.
You can check your computer’s current security status instantly and easily using the Windows Live OneCare safety scanner. And to ensure always-on security, check out Windows Live OneCare, the comprehensive PC health and security service from Microsoft.