
What is phishing?

Get the basics on phishing: Part 1

Just when you thought it was safe to go back into your inbox, there's a new form of spam e-mail—phishing. In 2004, phishing e-mails grew 5,000 percent, with nearly 18 million phishing attempts recorded.

What is phishing?

Just as a lure is dangled in front of a fish to trick it into thinking there’s a real worm at the end of the hook, phishing uses e-mail or instant messages that look like they’re from a reputable company to get you to click a link. These messages can look like the real thing, right down to a spoofed e-mail address (faking someone else’s e-mail address is known as “spoofing”). When unsuspecting users click the link, they’re taken to an equally convincing (and equally fake) Web page or pop-up window that’s been set up to imitate a legitimate business. The phishing site will ask for the user’s personal information, which the phisher then uses to buy things, apply for a new credit card, or otherwise steal a person’s identity.

 


What does it mean?

PII
Personally Identifiable Information.

phisher
A malicious user or Web site that deceives people into revealing personal information, such as account passwords and credit card numbers.

spam
Unsolicited commercial e-mail.

What are the signs of phishing?

Spotting the imposters can be tricky since phishers go to great lengths to look like the real thing, but here are a few warning signs:

· Unsolicited requests for personal information. Most businesses aren’t going to ask you for your personal information out of the blue—especially not an organization such as your bank or credit card company, which should already have this information on file. If you do get a request for personal information, call the company first and make sure the request is legitimate.

· Alarmist warnings. Phishers often attempt to get people to respond without thinking, and a message that conveys a sense of urgency, perhaps by saying that an account will be closed in 48 hours if you don’t take immediate action, may cause you to do just that.

· Mistakes. The little things can often reveal the biggest clues. Phishers often slip up on the finer details and overlook typos, mistakes in grammar, and so on.

· Addressed as “Customer.” If your bank, for example, regularly addresses you by name in its correspondence and you get an e-mail addressed to “Dear Customer,” this may be a phishing attempt.

· The words “verify your account.” A legitimate business will not ask you to send passwords, logon names, Social Security numbers, or other personally identifiable information through e-mail. Be suspicious of a message that asks for personal information no matter how authentic it looks.

· The phrase “Click the link below to gain access to your account.” HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name, but the link you see is actually taking you to a phony Web site.

 

Trust your instincts. If an e-mail message looks suspicious, it probably is.

Another common technique that phishers use is a Uniform Resource Locator (URL) that at first glance appears to be the name of a well-known company but is slightly altered by intentionally adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:

www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com

To help avoid this trap, it’s best to visit a Web site either by typing the URL in the address field yourself or by accessing it from your Favorites list. Be cautious when clicking links that claim to take you to a site.
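
For readers who filter mail or review links for others, the lookalike check described above can be automated. The following is an added example, not part of the original article: it flags a link whose domain is one added, omitted, or transposed letter away from a trusted domain, or that merely embeds a trusted name. The trusted list, the function names, and the one-edit threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites you actually do business with (constructed list).
TRUSTED = {"microsoft.com"}
MAX_EDITS = 1  # one added, omitted, substituted or transposed letter

def edit_distance(a, b):
    """Optimal string alignment distance (edits plus adjacent transpositions)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def site_of(url):
    """Return (hostname, last two labels). Naive: ignores suffixes like co.uk."""
    if "://" not in url:
        url = "//" + url.lstrip("/")  # treat a bare "www.example.com" as a host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host, ".".join(host.split(".")[-2:])

def classify(url):
    """Return 'trusted', 'lookalike', 'embeds-brand' or 'unknown' for a link."""
    host, domain = site_of(url)
    if domain in TRUSTED:
        return "trusted"
    if any(edit_distance(domain, good) <= MAX_EDITS for good in TRUSTED):
        return "lookalike"  # e.g. a dropped or swapped letter
    if any(good.split(".")[0] in host for good in TRUSTED):
        return "embeds-brand"  # real name wrapped in a different domain
    return "unknown"

if __name__ == "__main__":
    # Sample links taken from the examples in the text above.
    for sample in ["www.microsoft.com", "www.micosoft.com", "www.mircosoft.com",
                   "www.verify-microsoft.com", "www.example.org"]:
        print(f"{sample:28} {classify(sample)}")
```
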

 

Related topics

To learn more about phishing, read other topics in this series, including:

· Help! I’ve fallen for a phishing scam!

· How do I protect myself against phishing scams?