Cybercriminals will often try to trick you into clicking on malicious links in an e-mail, opening an infected attachment or providing personal data which can be used to steal your identity.
In these so-called 'phishing' attacks, an attacker might e-mail you a link to a website which looks convincing at first glance but is designed to trick you into disclosing your login credentials, bank account details or other sensitive personal information.
How to Spot a Phishing E-mail
A typical phishing e-mail will have a number of tell-tale suspicious features you should be aware of, including:
- Sender address in the 'From' field is misspelt or does not match the sender name
- Unspecified recipients in the 'To' field
- Vague subject line and content, often creating a sense of urgency or threatening action
- Generic or non-personalised greeting (Dear Outlook User, Hello Amazon Customer, Greetings Account Owner, etc.)
- E-mail asks you to disclose personal or sensitive information (username, password, address, date of birth, bank account/PayPal details, etc.)
- Poor spelling, grammar and punctuation
- Embedded links which, when hovered over, point to a suspicious site
- Attachment with a generic filename (Invoice_006.doc, RestoreAccount.html, Order_0924.zip)
- Generic signature or no contact information (System Administrator, Account Manager, PayPal Team, Apple Support, etc.)
- Additions like 'Message ID', 'Email ID' or 'Copyright ©' to make the e-mail seem official
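For mail administrators who want to triage reported messages, the header, greeting and link items in the list above can be checked automatically. The following is an added example, not part of the original guidance: the function names, the matching rules and the sample message are assumptions made for illustration, and the sender-name check is a crude heuristic rather than a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GREETING = re.compile(r"\b(dear|hello|greetings)\s+(\w+\s+)?(user|customer|owner)\b", re.I)
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)  # link text that is itself a URL
# Constructed sample message (not a real e-mail); the sending domain is hypothetical.
SAMPLE = """From: PayPal Team <support@paypa1-secure.example>
To: undisclosed-recipients:;
Subject: Your account

<p>Dear PayPal Customer, <a href="http://login.paypa1-secure.example/v">www.paypal.com</a></p>
"""

class LinkCollector(HTMLParser):  # records (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((self._href, data.strip()))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(raw):  # tell-tale features found in one raw message
    msg, found = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    words = re.findall(r"[a-z]{4,}", name.lower())
    if words and not any(w in addr.lower() for w in words):  # crude heuristic
        found.append("sender name does not match address")
    if "@" not in msg.get("To", ""):  # missing or 'undisclosed-recipients'
        found.append("unspecified recipients")
    for part in (p for p in msg.walk() if p.get_content_maintype() == "text"):
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if GREETING.search(body):
            found.append("generic greeting")
        collector = LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            if URLISH.match(text) and host(text) != host(href):
                found.append(f"link text {host(text)} points to {host(href)}")
    return found
```

A message that returns an empty list is not proven safe; the checks only surface the features worth a closer look.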
Examples of Phishing E-mails
Below are some examples of typical phishing e-mails with the tell-tale suspicious features you should be aware of highlighted in red:
Always ask yourself the following questions:
- Is the sender of the e-mail someone you know?
- Do any links in the e-mail look legitimate? Hover over the links to check the real URL
- Were you expecting the e-mail and any attachments?
- Is the e-mail asking you to disclose any sensitive personal information?
Report a Phishing E-mail
If you receive a suspicious e-mail, do not click on any links, do not open any attachments and do not reply.
You should use the 'Report Message' button in Outlook and the Outlook Web App to report the phishing e-mail to Digital Services and Microsoft Security Center for analysis:
Outlook