Security Tips & Talk

Report scams in Hotmail, Xbox, and more

Eve Blakemore — Tue, 21 Feb 2012 17:00:00 GMT

If you think you’re a target of a phishing scam or other fraud in an email, Xbox instant message, or on a website, you can report it. Most Microsoft products have built-in tools that make this easier.

Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.

Xbox 360. If someone is trying to phish you in Xbox 360, bring up the player profile, select File Complaint, select File Complaint again, select Text and Voice Communication and then select Text message to file a complaint, where it will be reviewed by our Enforcement Team.

Internet Explorer. While you are on a suspicious site, click the gear icon () and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.

Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it toreportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.

Get more information about how to report and avoid fraud.

Protect yourself from online tracking

Eve Blakemore — Thu, 16 Feb 2012 17:00:00 GMT

Third-party websites have the ability to track your online behavior and share this information without your knowledge or consent. Tracking Protection, a new feature in Internet Explorer 9, lets you choose which third-party sites can receive your information and track you online. When you add a Tracking Protection List, Internet Explorer will prevent your information from being sent by limiting data requests to websites in the list. For more information on tracking, see this recent IE blog post: Browse Without Being Browsed.

To turn on Tracking Protection

Open Internet Explorer by clicking the Start button . In the search box, type Internet Explorer, and then, in the list of results, click Internet Explorer.
Click the Tools button , point to Safety, and then click Tracking protection.
In the Manage Add-on dialog box, click a Tracking Protection list, and then click Enable.

Free security updates for February

Eve Blakemore — Tue, 14 Feb 2012 18:13:00 GMT

Microsoft releases security updates on the second Tuesday of every month.

The bulletin announces the release of 9 security updates:

5 updates for Microsoft Windows
1 update for Internet Explorer
1 update for Microsoft Office
1 update for Microsoft SharePoint
1 update for .NET Framework and Silverlight

Get the updates.

Download a video about the updates.

To get more information about security updates and other privacy and security issues delivered to your email inbox, sign up for our newsletter.

February security updates: Get advance notice

Eve Blakemore — Thu, 09 Feb 2012 19:00:00 GMT

Today the Microsoft Security Response Center (MSRC) posted details about the February security updates. On Tuesday, February 14 at approximately 10 AM Pacific Time Microsoft will release 9 bulletins.

The easiest way to get the updates when they're available is to turn on Windows automatic updating. For more information about how this works, see Understanding Windows automatic updating.

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released. We do this to allow customers (especially IT professionals) to plan for effective deployment of security updates.

Advanced Notification includes information about:

The number of new security updates being released
The software affected
Severity levels of vulnerabilities
Information about any detection tools relevant to the updates

For more information about the security updates that will be released on February 14, see Microsoft Security Bulletin Advance Notification for February 2012.

For official risk and impact analysis, as well as deployment guidance, visit the MSRC blog. If you are on Twitter, you might want also want to follow @MSFTSecResponse.

Who’s more likely to fall for scams? The answer might surprise you

Eve Blakemore — Tue, 07 Feb 2012 17:00:00 GMT

A recent Ponemon Institute study (in cooperation with PC Tools) challenges the myth that people who fall for scams are generally older. According to survey results, 18-25 year olds are among the groups that are more susceptible to online scams. Respondents also said that a free prize or free antivirus software were the most likely scam offers that they would respond to.

Get more information about how to spot scams and protect yourself from them.

See more results from the study.

Update your browser

Eve Blakemore — Thu, 02 Feb 2012 21:00:00 GMT

If you have automatic updating turned on and you’re not using the latest version of Internet Explorer that works on your computer, Windows Update will automatically upgrade you this month. Internet Explorer 9 is Microsoft's latest web browser with even more security features, but you can opt-out if you want.

Don’t want to wait? You can download Internet Explorer 9 yourself right now.

More information

Don’t be fooled by fake Halo 4 beta sites

Eve Blakemore — Tue, 31 Jan 2012 23:38:00 GMT

Microsoft’s Halo 4 Xbox video game won’t be released until December 2012, but some scammers are already launching fake Halo 4 beta websites designed to trick you into giving away your personal information or installing malicious software.

Don’t be fooled.

Get tips on how to report, recognize, and avoid scams.

Don’t let phishing threaten your small business

Eve Blakemore — Fri, 27 Jan 2012 17:00:00 GMT

We recently received this message from a small business owner:

I am stunned by the number of fake emails I get through my store’s email system, and some of them are quite sophisticated. I get them all the time from “UPS,” the “Better Business Bureau,” and today, “Bank of America.” Most of the time, they encourage me to open an attachment and fill out a form to prevent my account from being closed or to address a customer complaint. But sometimes the language and graphics are really quite professional. How can I protect my business against this kind of fraud?

The messages described here are known as phishing and if a phishing message appears in your email inbox, you can delete it or report it by using the newest versions of Internet Explorer, Hotmail, and Microsoft Office Outlook.

Use Microsoft tools to report a suspected scam

Internet Explorer. If you are on a site that seems suspicious, click the gear icon and then point to Safety. Then click Report unsafe website and use the web page that appears to report the website.
Hotmail. If you receive a suspicious email message that asks you for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it to reportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.

You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.

Reduce the number of phishing emails you receive

Use email software with built-in spam filtering
Keep your spam and phishing filters current
Be careful about sharing your email or instant message address

Get more information about how to keep spam and other fraudulent emails out of your inbox.

What’s your online reputation?

Eve Blakemore — Wed, 25 Jan 2012 03:14:00 GMT

Most of us put a boundary between our personal and professional lives. Online that’s not easy to do.

In the Official Microsoft blog, Brendon Lynch, Microsoft Chief Privacy Officer, writes, “Every piece of personal information that exists online about you -- whether posted by you or by others -- has the potential to impact how you are perceived by family and friends, an employer, a mortgage lender, and more.”

That’s why, on Data Privacy Day 2012, Microsoft is providing information and resources about how you can manage your personal information online.

Top tips to manage your information online

Stay vigilant and conduct your own “reputation report” from time to time.
Consider separating your professional and personal profiles.
Adjust your privacy settings.

Get the rest of these tips and learn more about how to safeguard your online reputation:

Income tax scams already!?

Eve Blakemore — Thu, 19 Jan 2012 17:00:00 GMT

You’d have to be a real early bird to be expecting your income tax return in the United States already. And yet, we’ve begun to see phishing scams that appear to come from support@irs.gov and offer links where you can check the status of your return.

The message uses language straight from the IRS website and goes something like this:

You filed your tax return and you’re expecting a refund. You have just one question and you want the answer now – Where’s My Refund?

Access this secure Web site to find out if the IRS received your return and whether your refund was processed and sent to you.

To get to your refund status, you’ll need to provide the following information as shown on your return:

Your first and last name
Your Social Security Number (or IRS Individual Taxpayer Identification Number)
Your Credit Card Information (for the successful complete of the process)

This email is a scam. Don’t respond and don’t send them any personal information.

Here are several common scam techniques that this message and others might use:

Looking like a large organization or company. The text and images in this email were stolen from the IRS website and make the email look legitimate.
Requests for personal or financial information. The IRS does not ask for personal information like this in email.
Bad grammar or spelling. The only part of the email that was not copied from the IRS website was the section requesting credit card information. It’s no coincidence that this is also the section with grammatical and spelling errors.

If you receive a message like this, delete it or report it. Learn more about how to recognize, avoid, and report scams like this one.

Why Trustworthy Computing is still a Microsoft priority

Eve Blakemore — Tue, 17 Jan 2012 17:00:00 GMT

Ten years ago this week, Bill Gates sent a memo to all Microsoft employees announcing the Trustworthy Computing (TwC) initiative and defining the key aspects of TwC.

Gates wrote:

“Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.”

That announcement and the creation of TwC set the company on a path to help increase security and privacy for all of our computing experiences.

Learn about the history of TwC and read how Microsoft has reaffirmed its commitment to it for the next decade.

More information about Trustworthy Computing

Resolve to help protect your PC

Eve Blakemore — Thu, 12 Jan 2012 16:31:00 GMT

You can help protect yourself and your family from identity theft, fraud, viruses, dangerous email, and more, with these ten New Year’s resolutions:

Keep all software (including your web browser) current with automatic updating.
Install legitimate antivirus and antispyware software, such as Microsoft Security Essentials.
Never turn off your firewall.
Protect your wireless router with a password.
Think before you open attachments or click links in an email message, an instant message (IM), or on a social network, even if you know the sender. Confirm with the sender that the message is legitimate. Learn more about scams.
Before you enter sensitive data, look for signs that the webpage is secure—a web address with https and a closed padlock () beside it are good indications.
Never give sensitive information (like an account number or password) in response to a request in an email message, IM, or on a social network.
Don't respond to pleas for money from "family members," deals that sound too good to be true, lotteries you didn't enter, or other scams.
Make your passwords long phrases or sentences that mix capital and lowercase letters, numbers, and symbols. Use different passwords for different sites, especially those that keep financial information.
Use our password checker to learn how strong your passwords are.

Free security updates for January

Eve Blakemore — Tue, 10 Jan 2012 19:00:00 GMT

Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 7 security updates:

6 updates for Microsoft Windows
1 update for ASP.NET

Get the updates.

Download a video about the updates.

To get more information about security updates and other privacy and security issues delivered to your email inbox, sign up for our newsletter.

Beware of Ransomware

Eve Blakemore — Fri, 06 Jan 2012 17:02:00 GMT

Cybercriminals use social engineering to prey on our weaknesses. Sometimes they take advantage of our goodwill towards others, like in the “I’ve been mugged scam” I wrote about in a recent blog post. More often they try to trick us with deals that seem too good to be true.

Cybercriminals can also sneak software (called “ransomware”) onto your computer. This will pop up a window warning that illegal material has been found on your computer, and lock you out of your computer unless you pay a fee. We’ve been reporting on this kind of scam at least as far back as 2008, but the Microsoft Malware Protection Center recently blogged about its resurgence in several languages, including English, Spanish, German, and Dutch.

Get more information about this scam from the Microsoft Malware Protection Center blog.

Make room for your new PC, laptop, or Xbox

Eve Blakemore — Tue, 03 Jan 2012 18:14:23 GMT

Did you get a new computer or gaming system for the holidays and you want to get rid of your old one? Make sure you clear all the old files from your old PC before you recycle it. That way, if it falls into the wrong hands, a criminal won’t be able to access your personal information. If you want to transfer some of your old files, you can use Windows Easy Transfer.

Make sure you remove:

Email contacts and messages
Your documents
Your computer’s recycle bin or trash folder
Your Internet browser’s cache, cookies, and history

Get more information about what to do with your old PC

Holiday scam alert: “I’ve been mugged; send money!”

Eve Blakemore — Thu, 22 Dec 2011 18:20:44 GMT

The holidays are here, and that means that more people are travelling for their vacations. We thought this would be a good time to remind you about a popular online scam designed to trick you into thinking that your friend is in trouble on vacation.

When cybercriminals break into someone’s email or social networking account, they might send emails or post messages pretending to be that person. One fairly common email tries to make your friends and contacts believe that you are in trouble, often in a foreign country, and you need them to send you money.

Here’s a message that I received from a colleague a few weeks ago:

I hope you get this on time, I made a trip to Edinburgh Scotland, and had my bag stolen from me with my passport and personal effects therein. The embassy has just issued me a temporary passport but I have to pay for a ticket and settle hotel bills. I've made contact with my bank but it would take me days to access funds in my account from Edinburgh, I need you to lend me some funds to cover these expenses. I can give back to you as soon as I get in.

I can be reached by email, as I lost my phone in the robbery and don't have access to a phone at the moment.

If you are getting emails like this, it probably means that your friend was hacked. Delete the email or report it. If you use Hotmail, you can use the My friend’s been hacked tool to report it. To do this, select the email, point to Mark as and select My friend’s been hacked.

If people on your contact list are getting emails like this, it probably means that someone has stolen or guessed the password to your email account and your email address has been hijacked.

What to do if your friends are getting email messages that appear to come from you:

If you can still get into your email account, sign in and change your password.
If you can't sign in, check the help file of your email provider. You can probably use additional information that you provided when you signed up in order to reset your password.

New Xbox? Protect your account

Eve Blakemore — Tue, 20 Dec 2011 17:24:10 GMT

Whether your family is getting a new Xbox this holiday season or you want to upgrade the security on your current Xbox, here are our top tips.

Password protect your Xbox LIVE profile. Use a strong password to protect your profile. This is especially important if you or your family plan to download your Xbox LIVE profile or gamertag at someone else’s house so you can play on their console.

Learn how to control access to your account.

Add additional security proofs to your Windows Live ID. Add a mobile phone number, email address, secret question or other information to your account. If your password is stolen, this extra information can help you reset it. Think of this as making an extra copy of the keys to your house. To do this, go to the Manage security info webpage, and then sign in with your Windows Live ID.

Be alert for phishing scams. Phishing scams are designed to trick you into revealing personal information. One trick that cybercriminals use is to offer you deals that are too good to be true. Microsoft will never ask for your Windows Live ID password in an email or over the phone. Enter your Windows Live ID password only at known Microsoft trusted sites or through the Xbox 360 console. Learn more about phishing and other kinds of fraud.

Get more information

For more information about Xbox security, see xbox.com/security.
For more information about general home computer security, see microsoft.com/security.

Making the Internet safer for children

Eve Blakemore — Thu, 15 Dec 2011 17:48:00 GMT

This month Microsoft announced participation as a founding member in the CEO Coalition on Child Online Safety.

Here is some of our guidance on how to protect your family when you use technology:

December security updates

Eve Blakemore — Tue, 13 Dec 2011 18:58:00 GMT

Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 13 security updates.

6 updates for Microsoft Windows
1 update for Internet Explorer
1 update for ActiveX
1 update for Microsoft Publisher
1 update for Microsoft PowerPoint
1 update for Microsoft Excel
2 updates for Office

Get the updates.

Watch a video about the updates.

To get more information about security updates and other privacy and security issues delivered to your email inbox, sign up for our newsletter.

December security updates: get advance notice

Eve Blakemore — Wed, 07 Dec 2011 04:05:00 GMT

Today the Microsoft Security Response Center (MSRC) posted details about the December security updates. On Tuesday, December 13, 2011, at approximately 10 AM Pacific Time, Microsoft will release 14 bulletins.

The easiest way to get security updates when they're available is to turn on Windows automatic updating. For more information about how this works, see Understanding Windows automatic updating.

The Microsoft Security Bulletin Advance Notification Service offers details about security updates approximately three business days before they are released, which allows customers (especially IT professionals) to plan for effective deployment of security updates.

Advanced Notification includes information about:

The number of new security updates being released
The software affected
Severity levels of vulnerabilities
Information about any detection tools relevant to the updates

For more information about the security updates that will be released on December 13, see Microsoft Security Bulletin Advance Notification for December 2011.

For official risk and impact analysis, as well as deployment guidance, visit the MSRC blog. If you are on Twitter, you can follow @MSFTSecResponse.

Home computer security: do you measure up?

Eve Blakemore — Tue, 06 Dec 2011 22:18:16 GMT

Last month we released new research showing that, while most people do take some steps to protect themselves online, there are opportunities to do more.

The Microsoft Computing Safety Index (MCSI) is a scoring system of more than 20 steps you can take to help protect yourself online.

Many of you probably already do the basics, such as turning on and leaving on your firewall, using antivirus software, and keeping your operating system and other software updated. But, do you regularly use search engines to monitor the information that’s available about you online? Do you use passwords that incorporate letters numbers and symbols?

Find out how you measure up, by taking the survey.

Avoid fake emails

Eve Blakemore — Fri, 02 Dec 2011 17:46:22 GMT

We sometimes hear from customers who want to know if an email which appears to be from Microsoft is real or not. If you receive an email that claims to come from Microsoft, but it contains an attachment or asks you to send passwords, user names, or financial information, it’s probably a fake. Te best thing to do is to delete it.

This week, Microsoft and other technology companies have joined forces with anti-phishing start-up Agari to help stem the tide of those fake emails.

Read this CNET article for more information about how Agari uses cloud technology to help stop phishing and other kinds of email fraud.

Get more information about how to avoid scams that use the Microsoft name fraudulently.

Hang up on phone scams

Eve Blakemore — Tue, 29 Nov 2011 17:02:00 GMT

If you receive a phone call from someone who claims to be from Microsoft and says that your computer has a virus, hang up.

This call is probably from a cybercriminal who wants to charge you for a bogus service or trick you into installing malicious software on your computer that could capture sensitive data. Then, they might even charge you to remove the software that they tricked you into installing.

Microsoft does not make unsolicited calls to ask for personal information or to charge you for computer updates. You can update your computer automatically and for free with Windows Update.

For more information, see Phone Scammers: Here to help...themselves.

If you think you might have already been a victim of this scam, learn how to report it.

Get more information about how to avoid tech support phone scams.

Stay safer when you shop online (part 3 of 3)

Eve Blakemore — Fri, 25 Nov 2011 16:05:00 GMT

For the third and last installment in our series on how to stay safer when you shop online this holiday season, we have a few tips on what to do if you think you might already be a victim of a shopping scam.

Check your statements. If you think you might have given away personal or financial information to a cybercriminal, check your bank and credit card statements. You should do this regularly, especially over the holidays.

Get more information about what to do if you think you’ve been a victim of a scam.

Change your passwords. Change your passwords on shopping sites, your email account, bank account, and other online financial institutions. Don’t use the same passwords for each of these accounts.

Get more information about creating strong passwords.

Report scams, fraud, identity theft, or other abuse.

If you think you are on a suspicious site, in Internet Explorer click the gear icon () and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
If you receive a suspicious shopping email message in Hotmail, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
Report the scam to the website or service, to your local police, and the bank, credit card company, or other financial institution.
Report identity theft in the United States to the U.S. Federal Trade Commission (FTC) or call toll free: (877) 438-4338.
Report scams or fraud in the United States to the FTC or call toll free: (877) 382-4357.

For more information about how to stay safer when you shop online, see part one and part two in this series.

Think twice before you broadcast holiday plans

Eve Blakemore — Wed, 23 Nov 2011 16:04:14 GMT

Your best friend from high school is probably not a cat burglar. But do you know everyone on your friends’ and followers’ lists (or everyone on their lists) on your social networking sites? If not, don’t post information about your holiday travel plans.

More information about social networking safety.

While you’re at it, take a few minutes to adjust the privacy settings on your social networking site and any apps on your smart phone that share your location information.

More information about using location services more safely.

Also, avoid giving vacation details in an automated “out of office” email.

More information about email and web scams.