According to a report by the Anti-Phishing Working Group, the number of recorded phishing sites nearly tripled between March and April of 2007.
Phishing is a type of fraud that uses e-mail and fake Web sites to trick you into giving away sensitive personal or financial information. The Anti-Phishing Working Group reports that Web sites of financial institutions, in particular large US banks, are the most spoofed Web sites.
Here are three steps you can take to help protect against phishing and other forms of ID theft:
1. Install the Microsoft Phishing Filter to help block fraudulent Web sites as you surf the Internet.
2. If you think you've received a phishing e-mail message, delete it and do not respond.
3. Don't click links in e-mail messages. Links in phishing e-mail messages often take you to phony sites that encourage you to enter personal or financial information that con artists then collect and use.
For more information and other ways to protect yourself from phishing scams, see:
On the second Tuesday of the month, Microsoft releases security updates and information bulletins. The information bulletins describe the updates and indicate which operating systems or programs these updates apply to.
You can also sign up to receive advance notification e-mail messages about the security updates. These e-mail messages are sent to you every Thursday before the Tuesday security update release. This service is called the Advanced Notification Service (ANS).
Subscribe to the ANS.
Also in recent months, the Microsoft Security Response Center (MSRC) surveyed customers about our security bulletins and how we can improve them.
Customers were satisfied with the level of technical detail in the bulletins but said they needed to be able to more quickly determine the severity of the bulletins and how the bulletins affected them.
With that in mind, the MSRC has made several changes to the information bulletin format.
See an example of the new layout.
A common question we get from readers goes like this:
"Help! A spammer hijacked my e-mail address and sends spam as me. What should I do?"
If you receive spam that appears to come from your own e-mail address, it is probably the result of the spammer forging the From: line or other parts of an e-mail message.
To help avoid spam in your e-mail inbox, you should:
· Use an e-mail program that includes filtering technology, and
· Follow some basic guidelines about posting your e-mail address on the Web.
Microsoft SmartScreen is spam-filtering technology that comes with all Microsoft e-mail programs, including:
· Microsoft Office Outlook 2003 and Microsoft Office Outlook 2007
· Windows Live Hotmail
· Windows Live Mail
· Windows Mail
Sender ID is a technology that helps verify that e-mail messages come from who they say they come from. Messages that have been authenticated by Sender ID are unlikely to be spam. Messages that fail Sender ID are more likely to be spam.
If you use the following e-mail programs, you already use Sender ID:
· MSN Hotmail
· Microsoft Exchange Server
· Microsoft Office Live Mail
If you see a Sender ID "failure", it probably means the e-mail From address has been spoofed, and that the e-mail message is probably spam.
For more information, read Sender ID helps keep e-mail honest.
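The check described above, as an added example that is not Microsoft's code: it flags mail that claims your own address in the From: line but carries a failing Sender ID or SPF verdict. It assumes your receiving server records its verdict in an Authentication-Results header; the server name mx.example.com, the sample messages and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWNER = "SairajUdin@example.com"   # the page's sample address
TRUSTED = "mx.example.com"         # assumed name of your own receiving server
VERDICT = re.compile(r"\b(sender-id|spf)\s*=\s*([a-z]+)", re.I)

def message(auth_results, sender=OWNER):
    """Build a constructed test message (not real mail)."""
    headers = [f"Authentication-Results: {v}" for v in auth_results]
    headers += [f"From: {sender}", f"To: {OWNER}", "Subject: test"]
    return "\n".join(headers) + "\n\nbody\n"

SAMPLES = {
    "genuine": message([f"{TRUSTED}; sender-id=pass header.from={OWNER}"]),
    "spoofed": message([f"{TRUSTED}; sender-id=fail header.from={OWNER}"]),
    # Verdict stamped by a server we do not run: it must be ignored.
    "foreign": message([f"relay.invalid; sender-id=pass header.from={OWNER}"]),
    "other": message([f"{TRUSTED}; sender-id=pass"], sender="friend@example.org"),
}

def verdicts(msg, trusted=TRUSTED):
    """Return the set of results recorded by the trusted server only."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if server.strip().lower() == trusted:
            found.update(r.lower() for _, r in VERDICT.findall(rest))
    return found

def classify(raw, owner=OWNER):
    """Label a message that may be using the owner's address in From:."""
    msg = message_from_string(raw)
    if parseaddr(msg.get("From", ""))[1].lower() != owner.lower():
        return "not-self-addressed"
    found = verdicts(msg)
    if found & {"fail", "hardfail", "softfail"}:
        return "forged-from"       # From: is ours, authentication failed
    return "authenticated" if "pass" in found else "unverified"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:8} {classify(raw)}")
```

Only the header written by your own server counts, because anyone can add an Authentication-Results line to a message before sending it.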
Spammers often use powerful technology to collect e-mail addresses off the Internet. They send spam to these addresses, and also forge them as the return address on the spam they send.
You can minimize the chance that they'll collect your e-mail address with the following strategies:
· Only share your primary e-mail address with people you know.
· Avoid listing your e-mail address in large Internet directories and job-posting Web sites.
· Don't post your e-mail address on your own Web site (unless you disguise it as described below).
· Consider using a free e-mail service such as Windows Live Hotmail to help keep your primary e-mail address private. When you get too much spam there, simply drop the address for a new one.
· Disguise your e-mail address when you post it to a newsgroup, chat room, bulletin board, or other public Web page. For example, you can write out the “@” symbol, like this: SairajUdin AT example DOT com. This way, a person can interpret your address, but the automated programs that spammers use often cannot.
For more information, read Help keep spam out of your inbox.