Archive for August, 2009
What does a phishing e-mail look like?
Phishing e-mail messages are designed to steal your identity. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data.
Phishing e-mail messages take a number of forms:
* They might appear to come from your bank or financial institution, a company you regularly do business with, such as Microsoft, or from your social networking site.
* They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT.
* They might ask you to make a phone call. Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don’t respond.
* They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages.
* They might include links to spoofed Web sites where you are asked to enter personal information.
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
“Verify your account.”
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.
If you receive an e-mail message from Microsoft asking you to update your credit card information, do not respond: this is a phishing scam.
“You have won the lottery.”
The lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies, such as Microsoft. There is no Microsoft lottery.
“If you don’t respond within 48 hours, your account will be closed.”
These messages convey a sense of urgency so that you’ll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.
Help prevent phishing scams and identity theft
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, Windows Live IDs, other account data and passwords, or other information. It is also known as identity theft, and is a type of social engineering.
You might see a phishing scam:
* In e-mail messages, even if they appear to be from a coworker or someone you know.
* On your social networking Web site.
* On a fake Web site that accepts donations for charity.
* On Web sites that spoof your familiar sites but that use slightly different Web addresses, so you won’t notice.
* In your instant message program.
* On your cell phone or other mobile device.
Often phishing scams rely on links in e-mail messages, on Web sites, or in instant messages that seem to come from a service that you trust, like your bank, credit card company, or social networking site.
Tip: To see updated examples of popular phishing scams or to report a possible phishing scam, visit the Anti-Phishing Working Group Archive.
The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.
How to reduce the risk of online fraud?
Online fraud can be annoying and costly for you and might pose serious risks to your computer. You can help reduce online fraud by learning to recognize scams and taking steps to avoid them.
Identity theft has been around for a while, but the cost to consumers has risen since criminals have gone online. Criminals who want to gain access to your online accounts use phishing, hoaxes, or other scams to obtain personal information such as your name, social security number, account name, or password.
Common types of online scams:
Here are some common types of scams that you should learn to recognize and avoid.
* Phishing scams are fraudulent e-mail messages or Web sites designed to trick you into entering personal or financial information. Phishing scams often spoof companies you know and trust, like your bank, and might contain urgent messages with threats of account closures or other alarming consequences. Some phishing e-mail messages and Web sites contain malicious or unwanted software that can enter your computer if you click links or file attachments. For more information, see ID theft and phishing scams.
* Hoaxes include lottery scams and advanced fee fraud scams. For example, an e-mail message might request your help in a financial transaction—such as the transfer of a large sum of money into your account. Or a message might contain a claim that you have received a large inheritance from someone you do not know, or that you have won a lottery that you did not enter. For more information, see Scams that promise money, gifts, or prizes.
Six signs of a scam
Be on the lookout for these six things to help protect yourself from scammers.
1. Generic introductions such as “Dear Customer,” which indicate that the sender does not know you and should not be trusted.
2. Alarming or urgent statements that require you to respond immediately.
3. Requests for personal or financial information, such as user names or passwords, credit card or bank account numbers, social security numbers, date of birth, or other information that can be used to steal your identity.
4. Misspellings and grammatical errors, including Web addresses. The Web address might look very similar to the address of a legitimate business, with a minor change. For example, instead of www.microsoft.com, the scammer might use www.micrsoft.com. For more information, see Typos can cost you.
5. The text of the link in the e-mail message is different from the Web address that you are directed to when you click the link. You can determine the actual Web address for a link by hovering over the link without clicking it. The Web address appears in a text box above the link.
6. The “From” line in the original e-mail message to you shows a different Web address than the one that appears when you try to reply to the message.
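Several of the six signs above can be checked mechanically before a person ever reads the message. The script below is an added example, not part of the original article: it parses a raw e-mail with Python's standard `email` library and reports a generic greeting, urgency phrases, a domain mismatch between the `From` and `Reply-To` headers, and links whose visible text names one host while the `href` points at another. The two sample messages and the `.test` domains in them are constructed for the demonstration; the phrase lists are a small starting set, not a complete catalogue.

```python
"""Flag mechanically checkable "signs of a scam" in a raw e-mail message."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Small constructed phrase lists; a real filter would carry many more.
URGENCY_PHRASES = ("within 48 hours", "account will be closed",
                   "verify your account", "respond immediately")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member")


class _LinkCollector(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(text):
    """Lower-case host from a URL or a bare 'www.example.com/path' string ('' if none)."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def domain_of_address(header_value):
    """Domain part of an address header such as 'Name <user@host>' ('' if absent)."""
    _, address = parseaddr(str(header_value or ""))
    return address.rpartition("@")[2].lower()


def scan_message(raw):
    """Return a list of (sign, detail) findings for the raw RFC 822 text."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    lower = text.lower()
    for phrase in GENERIC_GREETINGS:          # sign 1: generic introduction
        if phrase in lower:
            findings.append(("generic introduction", phrase))
    for phrase in URGENCY_PHRASES:            # sign 2: urgent statement
        if phrase in lower:
            findings.append(("urgent statement", phrase))
    from_dom = domain_of_address(msg["From"])  # sign 6: From vs. reply address
    reply_dom = domain_of_address(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(("From/Reply-To mismatch", f"{from_dom} vs {reply_dom}"))
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()           # sign 5: link text vs. real target
        collector.feed(text)
        for anchor_text, href in collector.links:
            shown, actual = host_of(anchor_text), host_of(href)
            if shown and actual and shown != actual:
                findings.append(("link text/target mismatch", f"{shown} -> {actual}"))
    return findings


# Constructed sample: a lure that shows four of the six signs.
SAMPLE_MESSAGE = """\
From: Account Services <security@example-bank.test>
Reply-To: helpdesk@mail-verify.test
To: customer@example.test
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>If you don't respond within 48 hours, your account will be closed.</p>
<p>Please visit <a href="http://login.mail-verify.test/update">www.example-bank.test/secure</a>
to verify your account.</p>
</body></html>
"""

# Constructed sample: an ordinary message that should produce no findings.
CLEAN_MESSAGE = """\
From: Alice <alice@example.test>
To: bob@example.test
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Hi Bob, are we still on for lunch on Thursday?
"""

if __name__ == "__main__":
    for sign, detail in scan_message(SAMPLE_MESSAGE):
        print(f"{sign}: {detail}")
```

A hit on any single sign is only a hint; the value of the check is that a message with several hits at once, as in the sample, can be quarantined or flagged for the reader before the link is ever clicked.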
How can I help prevent a scam from happening to me?
The following suggestions could help you avoid online fraud.
* Delete spam. Do not open it or reply to it, even to ask to be removed from a mailing list. When you reply, you confirm to the senders that they have reached an active e-mail account.
* Use caution when you click links in an e-mail message, text message, pop-up window, or instant message. Instead, type Web addresses in a Web browser, or use your online bookmarks.
* Do not open e-mail attachments or click instant message download links, unless you know who sent the message and you were expecting the attachment or link.
* Be cautious about providing your personal or financial information online. Do not fill out forms in e-mail messages that ask for personal or financial information.
* Create strong passwords and avoid using the same password for your bank and other important accounts. For more information, see Creating a strong password for your e-mail account: why you should and how to do it.
* Use Internet Explorer 8 or similar Web browsers that include an additional layer of protection with sites that use Extended Validation (EV) SSL Certificates. With Internet Explorer 8, the address bar turns green to notify you that there is more information available about the Web site you are visiting. The identity of the Web site owner is also displayed on the address bar.
* Visit Microsoft Update to install the latest security updates and turn on the automatic update feature.
* Make sure your computer’s firewall is turned on and that you use antivirus software, which should also be regularly updated.
* Check your bank and credit card statements closely to identify and report any transactions that are not legitimate.
* Never pay bills, bank, shop, or conduct other financial transactions on a public or shared computer, or over a public wireless network. If you do log on to public computers, look for computers on networks that require a password, which increases security.
What should I do if I notice suspicious activity?
If you think an e-mail message might be fraudulent, we recommend taking the following precautions.
* Delete the message. Do not respond or click links in it.
* Report any suspicious activity. (See below for contact information.)
* If you believe that someone is using your Windows Live account, you can reset your password. Go to http://login.live.com and click Forgot your password?
* Fraudulent e-mail messages sometimes contain unwanted or malicious software (also known as malware). If you think you might have malware on your computer, go to safety.live.com and scan your computer to check for and remove unwanted software.
Help prevent computer viruses
Nothing can guarantee the security of your computer 100 percent.
You can continue to improve your computer’s security and decrease the possibility of infection by using a firewall, keeping your system up-to-date, maintaining a current antivirus software subscription, and following a few best practices.
Tip: Because no security method is guaranteed, it’s important to back up critical files on a regular basis before you encounter a virus or other problems.
Steps to help avoid viruses:
1. Use an Internet firewall.
Note: Windows Vista and Windows XP with SP2 have a firewall already built in and turned on by default.
2. Visit Microsoft Update to verify your settings and check for updates.
Note: If you’ve installed the most recent version of Microsoft Office, Microsoft Update will also update your Office programs.
3. Subscribe to antivirus software and keep it current.
4. Never open an e-mail attachment from someone you don’t know.
5. Avoid opening an e-mail attachment from someone you know, unless you know exactly what the attachment is. The sender may be unaware that it contains a virus.
6. Use a standard user account unless you need to use an Administrator Account. For more information, see Why use a standard user account instead of an administrator account.
What about spyware?
Although spyware programs are different from viruses, some can behave like viruses and pose similar and other risks. To help protect against spyware, use antispyware software such as Windows Defender. Windows Defender comes with Windows Vista. If you use Windows XP SP2, you can download Windows Defender for no charge.
How to recognize spoofed Web sites?
Some cyber criminals use phishing scams to set up convincing spoofs of legitimate Web sites. They then try to trick you into visiting these Web sites and disclosing personal information, such as your credit card number.
Fortunately, there are several steps you can take to help protect yourself from these and other types of attacks.
What is a spoofed Web site?
Spoofed Web sites are commonly used in conjunction with phishing scams. The spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site. The best way to verify whether you are at a spoofed site is to verify the certificate.
Do not rely on the text in the address bar as an indication that you are at the site you think you are. There are several ways to get the address bar in a browser to display something other than the site you are on.
Use Internet Explorer 8
Internet Explorer 8 is designed to help you avoid fraud, phishing scams, viruses, and other malware.
Avoid phishing scams. In Internet Explorer 8, the SmartScreen Filter helps detect unsafe and potentially unsafe Web sites as you browse. It alerts you if a site you are trying to open has been reported as unsafe, and allows you to report unsafe sites yourself. For more information, see SmartScreen Filter: Frequently Asked Questions.
Identify fake Web addresses. Internet Explorer 8 helps you avoid deceptive Web sites that are designed to trick you with misleading addresses. The domain name in the address bar is highlighted in black and the remainder of the address is highlighted in gray to make it easy to identify a Web site’s true identity.
Identify fake Web addresses
Typo scamming
Cyber criminals also use Web addresses that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the address “www.microsoft.com” could appear instead as:
* www.micosoft.com
* www.mircosoft.com
* www.verify-microsoft.com
This is called “typo-squatting” or “cybersquatting.” Scammers register these domain names in order to compete with the popular site or to earn money through advertisements.
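The lookalike addresses above (letters dropped or swapped, or the brand embedded in a different registered name) and the black/gray domain highlighting described for Internet Explorer 8 both come down to the same question: which part of an address is the registered domain, and how close is it to a name you trust? The script below is an added example and is not Microsoft's code or the article's own. It isolates the registrable domain with a simplification (the last two labels, so it does not consult the Public Suffix List and gets names like `example.co.uk` wrong), measures Damerau-Levenshtein distance so that a single dropped or transposed letter counts as one edit, and classifies a host against a constructed allow-list of trusted domains. The `.test` hosts are constructed for the demonstration.

```python
"""Classify a hostname against trusted domains to spot typo-squats and brand lookalikes."""
from urllib.parse import urlparse

# Constructed allow-list for the demo; a real deployment would load the organisation's own names.
TRUSTED_DOMAINS = ["live.com", "microsoft.com"]


def registrable_domain(host):
    """Last two labels of a host, e.g. 'login.live.com' -> 'live.com'.
    Simplification: no Public Suffix List, so 'example.co.uk' would yield 'co.uk'."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def damerau_levenshtein(a, b):
    """Edit distance where insert, delete, substitute and adjacent transposition each cost 1."""
    prev2, prev1 = None, list(range(len(b) + 1))   # rows i-2 and i-1 of the distance table
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev1[j] + 1, cur[j - 1] + 1, prev1[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition, e.g. "rc" vs "cr"
            cur.append(best)
        prev2, prev1 = prev1, cur
    return prev1[-1]


def classify(host):
    """Return (verdict, matched domain) for a hostname."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return ("trusted", reg)
    brand = reg.partition(".")[0]
    for trusted in TRUSTED_DOMAINS:
        t_brand = trusted.partition(".")[0]
        if brand == t_brand:                       # microsoft.net: right name, other TLD
            return ("brand with different TLD", trusted)
        if damerau_levenshtein(brand, t_brand) <= 1:  # micosoft, mircosoft, micrsoft
            return ("typo-squat", trusted)
        if t_brand in brand.split("-"):            # verify-microsoft.com
            return ("brand-in-name", trusted)
        if ("." + host).find("." + trusted + ".") >= 0:  # www.microsoft.com.<other>.test
            return ("trusted name as subdomain", trusted)
    return ("unknown", reg)


def split_address(url):
    """Split a URL into (before, registrable domain, after) so a UI can emphasise
    the domain the way the IE8 address bar highlights it."""
    host = urlparse(url).hostname or ""
    reg = registrable_domain(host)
    before, _, after = url.partition(reg)
    return before, reg, after


if __name__ == "__main__":
    for h in ("www.microsoft.com", "www.micosoft.com", "www.mircosoft.com",
              "www.verify-microsoft.com", "www.microsoft.com.account-check.test"):
        print(h, "->", classify(h))
```

The hyphen-token rule for "brand-in-name" deliberately avoids plain substring matching, which would flag unrelated names that merely contain a short brand; widening it is a trade-off between catching more lookalikes and producing more false positives.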
If you enter the wrong URL you might be taken to a site where you’ll see an ad for the site you really wanted. If you click on that ad, you might get to where you want to go: You’ve made an extra click and the scammer has earned some money.
Typo-squatters and cybersquatters can also create more insidious scams, such as downloading malicious software applications and spyware onto unprotected computers that connect to their sites.
The United States and other countries have passed legislation to help challenge cybersquatting registrations, and the Internet Corporation for Assigned Names and Numbers (ICANN) has worked to remedy the situation, but cybersquatters are still out there.