
How to reduce the risk of online fraud

Online fraud can be annoying and costly for you and might pose serious risks to your computer. You can help reduce online fraud by learning to recognize scams and taking steps to avoid them.

Identity theft has been around for a while, but the cost to consumers has risen since criminals have gone online. Criminals who want to gain access to your online accounts use phishing, hoaxes, or other scams to obtain personal information such as your name, social security number, account name, or password.

Common types of online scams

Here are some common types of scams that you should learn to recognize and avoid.

  • Phishing scams are fraudulent e-mail messages or Web sites designed to trick you into entering personal or financial information. Phishing scams often spoof companies you know and trust, like your bank, and might contain urgent messages with threats of account closures or other alarming consequences. Some phishing e-mail messages and Web sites contain malicious or unwanted software that can enter your computer if you click links or file attachments.
  • Hoaxes include lottery scams and advance-fee fraud scams. For example, an e-mail message might request your help in a financial transaction, such as the transfer of a large sum of money into your account. Or a message might contain a claim that you have received a large inheritance from someone you do not know, or that you have won a lottery that you did not enter.

Six signs of a scam

Be on the lookout for these six things to help protect yourself from scammers.

  1. Generic introductions such as "Dear Customer," which indicate that the sender does not know you and should not be trusted.
  2. Alarming or urgent statements that require you to respond immediately.
  3. Requests for personal or financial information, such as user names or passwords, credit card or bank account numbers, social security numbers, date of birth, or other information that can be used to steal your identity.
  4. Misspellings and grammatical errors, including Web addresses. The Web address might look very similar to the address of a legitimate business, with a minor change. For example, instead of, the scammer might use For more information, see How to recognize spoofed Web sites.
  5. The text of the link in the e-mail message is different from the Web address that you are directed to when you click the link. You can determine the actual Web address for a link by hovering over the link without clicking it. The Web address appears in a text box above the link.
  6. The "From" line in the original e-mail message to you shows a different Web address than the one that appears when you try to reply to the message.
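
Signs 5 and 6 can be checked mechanically. The following is an added example, not part of the original article: it compares each link's displayed address with its real target and the "From" domain with the "Reply-To" domain. The function names, the sample message, and the .example/.invalid addresses are constructed for illustration, and the message is assumed to be a single-part, unencoded HTML e-mail.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Host name of URL-like text, without a leading "www."; "" otherwise."""
    if not url.lower().startswith(("http://", "https://", "www.")):
        return ""
    name = (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def domain(header_value):
    """Domain part of the address in a From or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def scam_signs(raw):
    """Return which of signs 5 and 6 appear in a raw single-part HTML message."""
    msg = message_from_string(raw)
    parser, found = LinkCollector(), []
    parser.feed(msg.get_payload())
    if any(host(text) and host(text) != host(href) for href, text in parser.links):
        found.append(5)  # displayed address differs from the real target
    reply = domain(msg["Reply-To"])
    if reply and reply != domain(msg["From"]):
        found.append(6)  # replies go to a different domain than the sender's
    return found

# Constructed sample message (not real mail); all names are placeholders.
SAMPLE = (
    "From: Example Bank <service@bank.example>\n"
    "Reply-To: claims@mailbox.invalid\n\n"
    '<a href="http://bank.example.login.invalid/verify">https://www.bank.example/</a>\n'
)
```

Link text that is not itself a Web address (for example "Click here") is not compared, so hovering over such links remains the way to see where they lead.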

How can I help prevent a scam from happening to me?

The following suggestions could help you avoid online fraud.

  • Delete spam. Do not open it or reply to it, even to ask to be removed from a mailing list. When you reply, you confirm to the senders that they have reached an active e-mail account.
  • Use caution when you click links in an e-mail message, text message, pop-up window, or instant message. Instead, type Web addresses in a Web browser, or use your online bookmarks.
  • Do not open e-mail attachments or click instant message download links, unless you know who sent the message and you were expecting the attachment or link.
  • Be cautious about providing your personal or financial information online. Do not fill out forms in e-mail messages that ask for personal or financial information.
  • Create strong passwords and avoid using the same password for your bank and other important accounts.
  • Use Internet Explorer 8 or similar Web browsers that include an additional layer of protection with sites that use Extended Validation (EV) SSL Certificates. With Internet Explorer 8, the address bar turns green to notify you that there is more information available about the Web site you are visiting. The identity of the Web site owner is also displayed on the address bar.
  • Visit Microsoft Update to install the latest security updates and turn on the automatic update feature. It is also recommended to keep all other programs updated. For more information, see How to check for update.
  • Make sure your computer's firewall is turned on and that you use antivirus software, which should also be regularly updated.
  • Check your bank and credit card statements closely to identify and report any transactions that are not legitimate.
  • Never pay bills, bank, shop, or conduct other financial transactions on a public or shared computer, or over a public wireless network. If you do log on to public computers, look for computers on networks that require a password, which increases security.

What should I do if I notice suspicious activity?

If you think an e-mail message might be fraudulent, we recommend taking the following precautions.

  • Delete the message. Do not respond or click links in it.
  • Report any suspicious activity. (See below for contact information.)
  • If you believe that someone is using your Windows Live account, you can reset your password. Go to and click Forgot your password?
  • Fraudulent e-mail messages sometimes contain unwanted or malicious software (also known as malware). If you think you might have malware on your computer, visit Virus Removing.

For more information, see What to do if you're a victim of fraud.

Report suspicious activity

If you suspect that something is wrong, there are several ways to report the possible fraud.


U.S. agencies

Federal Trade Commission

Additional Resources

Visit these Web sites for additional information about how to protect yourself from fraud in the United States.