Protect yourself from phishing

Applies to: Security, Windows 10, Windows 8.1

Phishing is an attack that attempts to steal your money, or your identity, by getting you to divulge personal information on websites that pretend to be legitimate sites. These websites are designed to lure you into revealing personal information, such as credit card numbers, bank information, or passwords. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website.

Learn to spot a phishing message

Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals have been successful using emails, text messages, or direct messages on social media to get people to respond with their personal information. The best defense is awareness and knowing what to look for.

Here are some ways to recognize a phishing email:

  • Urgent call to action or threats - Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often they'll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams.
  • Spelling and bad grammar - Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam.
  • Suspicious links - If you suspect that an email message is a scam, do not open any links that you see. Instead, hover your mouse over, but don't click, the link to see if the address matches the link that was typed in the message. In the following example, resting the mouse on the link reveals the real web address in the box with the yellow background. Note that the string of IP address numbers looks nothing like the company's web address.

(Image: Fake IP address revealed when hovering over the link)

  • Mismatched email domains - If the email claims to be from a reputable company, like Microsoft, but the email is being sent from another email domain like Yahoo.com or microsoftsupport.ru, it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name, like micros0ft.com, where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and an "n". These are common tricks of scammers. This is very similar to the next tip...
  • Altered web addresses - A form of spoofing in which web addresses closely resemble the names of well-known companies but are slightly altered; for example, www.micorsoft.com or www.mircosoft.com.
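
As an added example that is not part of the original article, the following Python script applies the three link checks above (bare IP address, visible text vs. real hover address, lookalike domain) to a link as it would appear in an email; the allow-list of trusted domains is constructed for the example, and the lookalike rules cover only the substitutions and letter swaps described above.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed allow-list of the brands this checker protects; a real filter would load its own.
TRUSTED_DOMAINS = {"microsoft.com", "outlook.com"}

# Character swaps that make a lookalike domain read like the real one at a glance.
SUBSTITUTIONS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def registrable_domain(host):
    """Reduce 'login.micros0ft.com' to 'micros0ft.com' (last two labels)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_host(host):
    """True when the link points at a bare IP address instead of a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is not a lookalike."""
    if domain in TRUSTED_DOMAINS:
        return None
    undone = domain
    for fake, real in SUBSTITUTIONS.items():
        undone = undone.replace(fake, real)      # micros0ft -> microsoft, rnicrosoft -> microsoft
    candidates = [undone]
    for i in range(len(domain) - 1):             # micorsoft -> microsoft (adjacent letter swap)
        candidates.append(domain[:i] + domain[i + 1] + domain[i] + domain[i + 2:])
    return next((c for c in candidates if c in TRUSTED_DOMAINS), None)


def check_link(display_text, href):
    """Warnings for one email link: display_text is what the reader sees, href the hover target."""
    warnings = []
    host = urlparse(href).hostname or ""
    if is_ip_host(host):
        return ["link target is a bare IP address, not a company domain"]
    target = registrable_domain(host)
    shown = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)+)", display_text.lower())
    if shown and registrable_domain(shown.group(1)) != target:
        warnings.append(f"visible text says {registrable_domain(shown.group(1))} but link goes to {target}")
    imitated = lookalike_of(target)
    if imitated:
        warnings.append(f"{target} is a lookalike of {imitated}")
    return warnings
```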

Cybercriminals can also get you to visit fake websites with other methods, such as text messages or phone calls. Sophisticated cybercriminals set up call centers to automatically dial or text numbers for potential targets. These messages will often include prompts to get you to enter a PIN number or some other type of personal information.


Report phishing scams

You can forward the phishing email to the Anti-Phishing Working Group at phishing-report@us-cert.gov.

Also:

  • Outlook.com. If you receive a suspicious email message that asks for personal information, select the check box next to the message in your Outlook inbox. Select the arrow next to Junk, and then select Phishing.
  • Microsoft Office Outlook. While in the suspicious message, select Report message from the ribbon, and then select Phishing.

If you’re on a suspicious website:

  • Microsoft Edge. While you’re on a suspicious site, select the More (…) icon > Help and feedback > Report Unsafe site. Follow the instructions on the webpage that displays to report the website.
  • Internet Explorer. While you’re on a suspicious site, select the gear icon, point to Safety, and then select Report Unsafe Website. Follow the instructions on the webpage that displays to report the website.