What is Phishing and what do I do about it?

Here is a common example of a type of scam called "Phishing." 

Can you tell what is "Fishy" about this email?

Read on below for the tips and tools you need to protect yourself from scams like this!

What is Phishing?

From an excellent article by Microsoft called "How to recognize phishing email messages, links, or phone calls"*:

Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.

Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

What does a Phishing email look like?

Here is an example of what a phishing scam in an email message might look like  (compare this to our email example above.)

• Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself.

• Beware of links in email. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address.

  

  Links might also lead you to .exe files. These kinds of file are known to spread malicious software.

• Threats. Have you ever received a threat that your account would be closed if you didn't respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts.

• Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. For more information, see Avoid scams that use the Microsoft name fraudulently.

  Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered. For more information, see Protect yourself from cybersquatting and fake web addresses.

Educating yourself and remaining aware of what you are doing when you open emails is the best way to keep yourself safe. 

If you think an email may be a "Phishing Expedition" and you think you recognize who it is from, why not give them a call and ask if they sent you the email?  If not, let them know they may have bad their email hacked, then move the email to your junk folder. 

Once you move an item to the junk mail folder Microsoft will take it from there and block it in the future! 

If you are not sure, DO NOT open or click links to find out.  Ask your friendly neighborhood tech guys, they will help!

Phishing can also be done via phone and even "regular" mail.  If you want more information here is the original article from Microsoft.