If you have automatic updating turned on and you’re not using the latest version of Internet Explorer that works on your computer, Windows Update will automatically upgrade you this month. Internet Explorer 9 is Microsoft's latest web browser with even more security features, but you can opt-out if you want.
Don’t want to wait? You can download Internet Explorer 9 yourself right now.
More information
Microsoft’s Halo 4 Xbox video game won’t be released until December 2012, but some scammers are already launching fake Halo 4 beta websites designed to trick you into giving away your personal information or installing malicious software.
Don’t be fooled.
Get tips on how to report, recognize, and avoid scams.
We recently received this message from a small business owner:
I am stunned by the number of fake emails I get through my store’s email system, and some of them are quite sophisticated. I get them all the time from “UPS,” the “Better Business Bureau,” and today, “Bank of America.” Most of the time, they encourage me to open an attachment and fill out a form to prevent my account from being closed or to address a customer complaint. But sometimes the language and graphics are really quite professional. How can I protect my business against this kind of fraud?
The messages described here are known as phishing and if a phishing message appears in your email inbox, you can delete it or report it by using the newest versions of Internet Explorer, Hotmail, and Microsoft Office Outlook.
Use Microsoft tools to report a suspected scam
You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.
Reduce the number of phishing emails you receive
Most of us put a boundary between our personal and professional lives. Online that’s not easy to do.
In the Official Microsoft blog, Brendon Lynch, Microsoft Chief Privacy Officer, writes, “Every piece of personal information that exists online about you -- whether posted by you or by others -- has the potential to impact how you are perceived by family and friends, an employer, a mortgage lender, and more.”
That’s why, on Data Privacy Day 2012, Microsoft is providing information and resources about how you can manage your personal information online.
Top tips to manage your information online
Get the rest of these tips and learn more about how to safeguard your online reputation:
You’d have to be a real early bird to be expecting your income tax return in the United States already. And yet, we’ve begun to see phishing scams that appear to come from support@irs.gov and offer links where you can check the status of your return.
The message uses language straight from the IRS website and goes something like this:
You filed your tax return and you’re expecting a refund. You have just one question and you want the answer now – Where’s My Refund?
Access this secure Web site to find out if the IRS received your return and whether your refund was processed and sent to you.
To get to your refund status, you’ll need to provide the following information as shown on your return:
Your first and last name Your Social Security Number (or IRS Individual Taxpayer Identification Number) Your Credit Card Information (for the successful complete of the process)
This email is a scam. Don’t respond and don’t send them any personal information.
Here are several common scam techniques that this message and others might use:
If you receive a message like this, delete it or report it. Learn more about how to recognize, avoid, and report scams like this one.
Ten years ago this week, Bill Gates sent a memo to all Microsoft employees announcing the Trustworthy Computing (TwC) initiative and defining the key aspects of TwC.
Gates wrote:
“Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.”
That announcement and the creation of TwC set the company on a path to help increase security and privacy for all of our computing experiences.
Learn about the history of TwC and read how Microsoft has reaffirmed its commitment to it for the next decade.
More information about Trustworthy Computing
You can help protect yourself and your family from identity theft, fraud, viruses, dangerous email, and more, with these ten New Year’s resolutions:
Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 7 security updates:
Get the updates.
Download a video about the updates.
To get more information about security updates and other privacy and security issues delivered to your email inbox, sign up for our newsletter.
Cybercriminals use social engineering to prey on our weaknesses. Sometimes they take advantage of our goodwill towards others, like in the “I’ve been mugged scam” I wrote about in a recent blog post. More often they try to trick us with deals that seem too good to be true.
Cybercriminals can also sneak software (called “ransomware”) onto your computer. This will pop up a window warning that illegal material has been found on your computer, and lock you out of your computer unless you pay a fee. We’ve been reporting on this kind of scam at least as far back as 2008, but the Microsoft Malware Protection Center recently blogged about its resurgence in several languages, including English, Spanish, German, and Dutch.
Get more information about this scam from the Microsoft Malware Protection Center blog.
Did you get a new computer or gaming system for the holidays and you want to get rid of your old one? Make sure you clear all the old files from your old PC before you recycle it. That way, if it falls into the wrong hands, a criminal won’t be able to access your personal information. If you want to transfer some of your old files, you can use Windows Easy Transfer.
Make sure you remove:
Get more information about what to do with your old PC
The holidays are here, and that means that more people are travelling for their vacations. We thought this would be a good time to remind you about a popular online scam designed to trick you into thinking that your friend is in trouble on vacation.
When cybercriminals break into someone’s email or social networking account, they might send emails or post messages pretending to be that person. One fairly common email tries to make your friends and contacts believe that you are in trouble, often in a foreign country, and you need them to send you money.
Here’s a message that I received from a colleague a few weeks ago:
I hope you get this on time, I made a trip to Edinburgh Scotland, and had my bag stolen from me with my passport and personal effects therein. The embassy has just issued me a temporary passport but I have to pay for a ticket and settle hotel bills. I've made contact with my bank but it would take me days to access funds in my account from Edinburgh, I need you to lend me some funds to cover these expenses. I can give back to you as soon as I get in. I can be reached by email, as I lost my phone in the robbery and don't have access to a phone at the moment.
If you are getting emails like this, it probably means that your friend was hacked. Delete the email or report it. If you use Hotmail, you can use the My friend’s been hacked tool to report it. To do this, select the email, point to Mark as and select My friend’s been hacked.
If people on your contact list are getting emails like this, it probably means that someone has stolen or guessed the password to your email account and your email address has been hijacked.
What to do if your friends are getting email messages that appear to come from you:
Whether your family is getting a new Xbox this holiday season or you want to upgrade the security on your current Xbox, here are our top tips.
Password protect your Xbox LIVE profile. Use a strong password to protect your profile. This is especially important if you or your family plan to download your Xbox LIVE profile or gamertag at someone else’s house so you can play on their console.
Learn how to control access to your account.
Add additional security proofs to your Windows Live ID. Add a mobile phone number, email address, secret question or other information to your account. If your password is stolen, this extra information can help you reset it. Think of this as making an extra copy of the keys to your house. To do this, go to the Manage security info webpage, and then sign in with your Windows Live ID.
Be alert for phishing scams. Phishing scams are designed to trick you into revealing personal information. One trick that cybercriminals use is to offer you deals that are too good to be true. Microsoft will never ask for your Windows Live ID password in an email or over the phone. Enter your Windows Live ID password only at known Microsoft trusted sites or through the Xbox 360 console. Learn more about phishing and other kinds of fraud.
Get more information
This month Microsoft announced participation as a founding member in the CEO Coalition on Child Online Safety.
Read more about online safety efforts for children from Microsoft’s representative on the CEO Coalition, Peter Cullen.
Here is some of our guidance on how to protect your family when you use technology:
Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 13 security updates.
Watch a video about the updates.
Today the Microsoft Security Response Center (MSRC) posted details about the December security updates. On Tuesday, December 13, 2011, at approximately 10 AM Pacific Time, Microsoft will release 14 bulletins.
The easiest way to get security updates when they're available is to turn on Windows automatic updating. For more information about how this works, see Understanding Windows automatic updating.
The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released, which allows customers (especially IT professionals) to plan for effective deployment of security updates.
Advanced Notification includes information about:
For more information about the security updates that will be released on December 13, see Microsoft Security Bulletin Advance Notification for December 2011.
For official risk and impact analysis, as well as deployment guidance, visit the MSRC blog. If you are on Twitter, you can follow @MSFTSecResponse.
Last month we released new research showing that, while most people do take some steps to protect themselves online, there are opportunities to do more.
The Microsoft Computing Safety Index (MCSI) is a scoring system of more than 20 steps you can take to help protect yourself online.
Many of you probably already do the basics, such as turning on and leaving on your firewall, using antivirus software, and keeping your operating system and other software updated. But, do you regularly use search engines to monitor the information that’s available about you online? Do you use passwords that incorporate letters numbers and symbols?
Find out how you measure up, by taking the survey.
We sometimes hear from customers who want to know if an email which appears to be from Microsoft is real or not. If you receive an email that claims to come from Microsoft, but it contains an attachment or asks you to send passwords, user names, or financial information, it’s probably a fake. Te best thing to do is to delete it.
This week, Microsoft and other technology companies have joined forces with anti-phishing start-up Agari to help stem the tide of those fake emails.
Read this CNET article for more information about how Agari uses cloud technology to help stop phishing and other kinds of email fraud.
Get more information about how to avoid scams that use the Microsoft name fraudulently.
If you receive a phone call from someone who claims to be from Microsoft and says that your computer has a virus, hang up.
This call is probably from a cybercriminal who wants to charge you for a bogus service or trick you into installing malicious software on your computer that could capture sensitive data. Then, they might even charge you to remove the software that they tricked you into installing.
Microsoft does not make unsolicited calls to ask for personal information or to charge you for computer updates. You can update your computer automatically and for free with Windows Update.
For more information, see Phone Scammers: Here to help...themselves.
If you think you might have already been a victim of this scam, learn how to report it.
Get more information about how to avoid tech support phone scams.
For the third and last installment in our series on how to stay safer when you shop online this holiday season, we have a few tips on what to do if you think you might already be a victim of a shopping scam.
Check your statements. If you think you might have given away personal or financial information to a cybercriminal, check your bank and credit card statements. You should do this regularly, especially over the holidays.
Get more information about what to do if you think you’ve been a victim of a scam.
Change your passwords. Change your passwords on shopping sites, your email account, bank account, and other online financial institutions. Don’t use the same passwords for each of these accounts.
Get more information about creating strong passwords.
Report scams, fraud, identity theft, or other abuse.
For more information about how to stay safer when you shop online, see part one and part two in this series.
Your best friend from high school is probably not a cat burglar. But do you know everyone on your friends’ and followers’ lists (or everyone on their lists) on your social networking sites? If not, don’t post information about your holiday travel plans.
More information about social networking safety.
While you’re at it, take a few minutes to adjust the privacy settings on your social networking site and any apps on your smart phone that share your location information.
More information about using location services more safely.
Also, avoid giving vacation details in an automated “out of office” email.
More information about email and web scams.
Last week we gave you three tips to help protect yourself when you shop online. Here are three more tips to help keep cybercriminals from ruining your holiday.
Never make online financial transactions on a public or shared computer. Public computers in libraries, internet cafés and copy shops are convenient, but not always safe. It’s fine to use them to browse for gifts, but make sure you use a secure computer whenever you enter your credit card information.
More information about using a public computer.
Give only enough information to make the purchase. Be wary if a merchant asks for additional information like bank account information, social security number, or other personal information. You could be on a fraudulent site.
Protect your credit card online. You don’t have to limit your shopping to the most popular retailers to stay safe online. You can use a third-party payment service like PayPal to shield your credit card number from online merchants.
More information about third-party payment services.
How do you protect yourself when you shop online? Let us know in the comment section below.
Whether you start your holiday shopping on Black Friday, Cyber Monday, or right now, here are three tips to help you avoid scams and fraudulent websites when you buy gifts online.
This is part one in a three part series. Read part two and part three. And if we missed something, let us know in our comments section below.
Use an updated web browser. Check your browser to see if it provides the protection you need. Internet Explorer 9 is the newest version of the Microsoft web browser. It helps protect you when you shop online. Download Internet Explorer 9 now.
More information about Internet Explorer 9.
Use a secure website. When you enter your credit card, look for signs that the webpage is secure—a web address with https and a closed padlock beside it are good indications that the webpage is secure.
More information about secure websites.
Choose strong passwords. If you store your information at an online shopping site, make sure to choose a strong password that uses eight or more characters.
More information about strong passwords.
Get more tips on how to shop online more safely.
We recently received this question from a reader of this blog:
“Hi! I am running Windows 7 with Windows Defender. Why does the Action Center say that I don’t have antivirus protection?”
Windows Defender comes with Windows 7 and although it is your first line of defense against spyware, it’s not technically antivirus software. The Action Center lets you know you need to download antivirus software. If you want to protect your computer against spyware and viruses, you need to install antivirus software, such as Microsoft Security Essentials. Microsoft Security Essentials is free if your computer is running genuine Windows software and it provides real-time protection against viruses, spyware, and other unwanted software for your personal computer or small business.
Get more information about antivirus software.
Download Microsoft Security Essentials.
Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 4 security updates for Microsoft Windows.
Today the Microsoft Security Response Center (MSRC) posted details about the November security updates. On Tuesday, November 8, 2011, at approximately 10 AM Pacific Time, Microsoft will release 4 bulletins.
For more information about the security updates that will be released on November 8, see Microsoft Security Bulletin Advance Notification for November 2011.