Aaron Kornblum (l), Microsoft Internet Safety Enforcement attorney, and Lydia Parnes, acting director of the Federal Trade Commission's Bureau of Consumer Protection announced on March 31, 2005 that Microsoft has filed 117 lawsuits against alleged phishers as part of its commitment to protecting consumers against "phishing" and other cybercrime. The company filed the trademark infringement lawsuits on Thursday in the U.S. District Court for the Western District of Washington in Seattle against John Doe defendants. Microsoft's legal team hopes to establish connections between phishing scams worldwide and uncover the largest-volume operators. In the meantime, they suggest following these simple steps to avoid phishing scams:
- Be suspicious if someone contacts you unexpectedly and asks for your personal information. It's hard to tell whether something is legitimate by looking at an e-mail or a Web site, or talking to someone on the phone. But if you're contacted out of the blue and asked for your personal information, it's a warning sign that something is "phishy." Most legitimate companies and agencies don't operate that way.
- Don't click on a link in an e-mail message that asks for your personal information. It may take you to a phony Web site that looks just like the Web site of the real company or government agency. Following the instructions, you enter your personal information on the Web site - and into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to the company's Web site. If you don't have the telephone number, get it from the phone book, the Internet or directory assistance. Use a search engine to find the official Web site.
- If someone contacts you and says you've been a victim of fraud, verify the person's identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually they only ask if you made particular transactions; they don't request your account number or other personal information. Law enforcement agencies might also contact you if you've been the victim of fraud. To be on the safe side, ask for the person's name, the name of the agency or company, the telephone number, and the address. Then get the main number (see tip above) and call to find out if the person is legitimate.