How to handle suspicious e-mail

There are good reasons to be suspicious of e-mail.

Some e-mail messages might be phishing scams, some might carry viruses. Images in spam e-mail might turn out to be pornographic, or to include Web beacons, which can be adapted to secretly send a message back to the sender.

Follow these guidelines to help protect yourself when suspicious mail shows up in your Inbox.

1. If you receive a phishing e-mail message, do not respond to it. Don’t open junk mail at all

   • If an e-mail looks suspicious, don’t risk your personal information by responding to it.
   • Delete junk e-mail messages without opening them. Sometimes even opening spam can alert spammers or put an unprotected computer at risk.
   • Don’t reply to e-mail unless you’re certain that the message comes from a legitimate source. This includes not responding to messages that offer an option to “Remove me from your list.”
   • Do not “unsubscribe” unless the mail is from a known or trusted sender.
   • Use the junk mail tools in your e-mail program. For example, Windows Live Hotmail gives you the option to unsubscribe from mail that you previously had trusted or requested. This sends a notice back to the sender to have you removed from their list, while at the same time automatically adding the sender to your block list.

2. Approach links in e-mail messages with caution

   Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL.

   Most e-mail programs show you the real target address of a link when you hover the mouse over the link.

   Before you click a link, make sure to read the target address. If the e-mail message appears to come from your bank, but the target address is just a meaningless series of numbers, do not click the link.

   Make sure that the spelling of words in the link matches what you expect. Fraudsters often use URLs with typos in them that are easy to overlook, such as “micosoft.”

3. Approach images in e-mail with caution

   Just as a lighthouse beacon beams a message with light, pictures in e-mail messages—also called “Web beacons”—can be adapted to secretly send a message back to the sender.

   Spammers rely on information returned by these images to locate active e-mail addresses. Images can also contain harmful code and can be used to deliver a spammer’s message in spite of filters.

   The best defense against Web beacons is to prevent pictures from downloading until you’ve had a chance to review the message.

   Both Windows Live Hotmail and Microsoft Outlook 2007 are preset to do this automatically for e-mail from addresses not in your address book.

4. Approach attachments in e-mail messages with caution

   Attachments might be viruses or spyware that download to your machine when you open the attachment file. If you don’t know who the attachment is from or if you weren’t expecting it, don’t open it.

5. Don’t trust the sender information in an e-mail message

   Even if the e-mail message appears to come from a sender that you know and trust, use the same precautions that you would use with any other e-mail message.

   Fraudsters can easily spoof the identity information in an e-mail message.

6. Don’t trust offers that seem too good to be true

   If a deal or offer in an e-mail message looks too good to be true, it probably is. Exercise your common sense when you read and respond to e-mail messages.

7. Report suspicious e-mail

   If you receive a suspicious e-mail that looks like it came from a company that you know and trust, report the e-mail to the faked or “spoofed” organization.

   Contact the organization directly-not through the e-mail you received-and ask for confirmation. Or call the organization’s toll-free number and speak to a customer service representative. Report the e-mail to the proper authorities, including the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group.

8. Don’t enter personal or financial information into pop-up windows

   One common phishing technique is to launch a fake pop-up window when someone clicks a link in a phishing e-mail message. To make the pop-up window look more convincing, it might be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking the red X in the top right corner (a “Cancel” button may not work as you’d expect).

9. Don’t forward chain e-mail messages

   Not only do you lose control over who sees your e-mail address, but you also may be furthering a hoax or aiding in the delivery of a virus.

   Plus, there are reports that spammers start chain letters expressly to gather e-mail addresses. If you don’t know whether a message is a hoax or not, a site like Snopes can help you separate fact from fiction.

10. Update your computer software

    At Microsoft, we continue to make improvements to our software to help protect your computer. Visit Microsoft Update to scan your Windows and install any high-priority updates that are offered to you and Click Here to scan your computer for program updates from other vendors.