Phishing is the activity of defrauding a person of financial information by posing as a legitimate company. In a phishing exercise, criminals will often create replicas of commercial web sites or make phone calls posing as a company employee to lure people into thinking they are dealing with a legitimate and familiar company and trick them into divulging private information, or to get them to download software onto their computer, which then allows the criminal access to that information.
WARNING: Treat all unsolicited emails and phone calls with skepticism. Legitimate companies rarely use unsolicited emails or phone calls. Do not ever provide any personal information over the phone or via email.
If you believe that you have been the victim of a phishing attempt, take down the caller or email information and report it to your local authorities. In the United States, you can also report the attempt to the Federal Trade Commission (FTC) using the FTC Complaint Assistant form.
NOTE: For more information about phishing and how to avoid it, please refer to the Microsoft® Safety & Security Center website.