Don’t be fooled by Web fraud this holiday season

The holidays: Spirits are high and so are the chances that someone will try to steal your personal information on the Internet.


Even if you’ve never heard the term “phishing,” chances are that you’ve been a target of a phishing scam¾a fraudulent e-mail or Web site that tries to fool you into filling out forms that could be used to steal your account information.


You know those e-mail messages that seem to come from your bank? Or maybe from an online store, or some other financial institution? Complete with a familiar logo?


The messages that contain a link that appears to go to a legitimate Web site?


Sometimes they look so real, but they’re not. Click on that link and it could cost you. A lot.


According to the Consumer Reports “State of the Net 2006” study, phishing attacks are as common today as they were last year, but with one disturbing difference: They’ve cost consumers five times as much money.


Phishing scams attempt to lure victims into visiting phony Web sites where criminals can collect passwords, or sensitive personal or financial information. Once criminals get what they’re after, they may use the victim’s account with the online store or bank, drain money from the victim’s account, or open new accounts in the victim’s name.


If you know anyone who’s been a victim of ID theft, you know it’s not pretty.


Here’s an example of what a phishing e-mail might look like.


example of a phishing e-mail




1.       This is what the URL looks like in the e-mail.

2.       This is where the URL goes.


How to help prevent phishing


Because phishing scams originate in your e-mail inbox, but can send you to fraudulent Web sites, it’s important to use good practices and new filters in both your e-mail program and your Web browser.


Good practices to help prevent phishing scams

·          Never click links in e-mail messages from businesses. If you think that the e-mail is legitimate, you should still enter the URL of the Web site directly into your Web browser.

·          Always check the security certificate before you enter personal or financial information on a Web site.

·          Don’t enter personal or financial information into pop-up windows.


For further explanation and more tips, see How to handle suspicious e-mail.


Tools to help prevent phishing scams

·          Use the latest version of your e-mail program. The newest versions of Microsoft Office Outlook, MSN Hotmail, and Windows Live Mail all contain phishing protections.

·          Use the latest version of your Web browser. Internet Explorer 7 includes Phishing Filter, which you need to turn on and opt into when you install it. You can also get phishing protection with the Windows Live Toolbar with OneCare Advisor.


The folks who work on this product tell me that these tools have helped block over one million phishing sites for consumers, just since October.


For more information, see Phishing Filter: Help protect yourself from online scams.



About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector, Read more »