Table of Contents
Phishing (pronounced “fishing”) is a type of online identity theft. It uses e-mail, text messages, and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.
Con artists might send millions of fraudulent messages with links to fraudulent Web sites that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information. Criminals can use this information for many different types of fraud, such as to steal money from your account, to open new accounts in your name, or to obtain official documents using your identity.
For more detail on spotting fraudulent messages, see How to recognize phishing e-mails or links.
What to do if you receive a phishing e-mail
If you think you’ve received a phishing scam, delete the e-mail message. Do not click any links in the message.
For more information, see How to handle suspicious e-mail.
How to report phishing
The original 2009 version of this guide pointed to Internet Explorer 8’s SmartScreen Filter and Windows Live Hotmail’s Junk button. Here is what still works:
- In your browser: use the built-in reporting option — in Chrome, Edge, or Firefox, look for “Report phishing” or “Report deceptive site” in the page menu or security panel.
- Google Safe Browsing: report a phishing page directly.
- Microsoft: forward phishing e-mails as an attachment to [email protected] or report through Outlook’s Report phishing button.
- Your e-mail provider: use the Report phishing or Report spam button in Gmail, Outlook, Yahoo, or whichever service you use — this helps train their filters.
Phishing that appears to come from Microsoft
Report the attempt by forwarding the message as an attachment to [email protected]. Do not click any links or open attachments in the original message.
If you already responded to a phishing scam
Take these steps to minimize any damage if you suspect that you’ve entered personal or financial information into a fake Web site:
- Report the incident to your credit card company if you’ve given credit card information.
- Change the passwords on all your online accounts.
- Review your credit card and bank statements weekly.
For the full recovery checklist, see What to do if you’ve responded to a phishing scam.
How scammers pick their targets
Criminals who send out phishing scams (often called “phishers”) send out millions of messages to randomly generated e-mail addresses. They fake or “spoof” popular companies in order to fool the largest number of people.