Archive

Archive for the ‘email’ Category

Congratulations! You’ve won $800,000!!

Well, maybe not.

But that’s just one of the many ploys that scammers send in their relentless efforts to part people from their money or sensitive personal information like passwords and account numbers.

Microsoft is asking people to take a survey of their experience with online fraud—what kinds of scams they’ve encountered (including those on mobile devices and Facebook), how concerned they are about online or phone fraud, and what steps they take to protect themselves.

In 2012, Microsoft fielded its first such study, interviewing 1,000 US residents to understand their exposure to, and perception of, online fraud and scams.

Respondents reported having encountered roughly eight different scams on average, with these as the top four:

  • Scams that promise free things or coupons (44 percent)

  • Fake antivirus alerts that imitate real programs offering virus repair but that download malware instead (40 percent)

  • Phishing scams using fake messages that mimic those of trusted businesses to trick people into revealing personal information (39 percent)

  • Fraud that features a request for bank information or money upfront from someone (such as a “foreign prince”) who needs help transferring large sums of money for a cut of the total (39 percent)

In the new survey, we’re interested in how scams and responses to scams might have changed since 2012. Are there different scams? What are the most common? Where are they most often occurring—on mobile devices? On Facebook?

Results of our last survey showed that nearly everyone (97 percent) took steps to safeguard their computers, but more than half (52 percent) did nothing at all to protect their mobile devices. So we’re particularly interested to see if these numbers have changed. 

You can help us fight online scams and fraud by taking our survey.

We will release the results of the survey during National Cyber Security Awareness Month this October. Follow the hashtag #NCSAM to read the story. 

Congratulations! You’ve won $800,000!!

September 2nd, 2014 No comments

Well, maybe not.

But that’s just one of the many ploys that scammers send in their relentless efforts to part people from their money or sensitive personal information like passwords and account numbers.

Microsoft is asking people to take a survey of their experience with online fraud—what kinds of scams they’ve encountered (including those on mobile devices and Facebook), how concerned they are about online or phone fraud, and what steps they take to protect themselves.

In 2012, Microsoft fielded its first such study, interviewing 1,000 US residents to understand their exposure to, and perception of, online fraud and scams.

Respondents reported having encountered roughly eight different scams on average, with these as the top four:

  • Scams that promise free things or coupons (44 percent)
  • Fake antivirus alerts that imitate real programs offering virus repair but that download malware instead (40 percent)
  • Phishing scams using fake messages that mimic those of trusted businesses to trick people into revealing personal information (39 percent)
  • Fraud that features a request for bank information or money upfront from someone (such as a “foreign prince”) who needs help transferring large sums of money for a cut of the total (39 percent)

In the new survey, we’re interested in how scams and responses to scams might have changed since 2012. Are there different scams? What are the most common? Where are they most often occurring—on mobile devices? On Facebook?

Results of our last survey showed that nearly everyone (97 percent) took steps to safeguard their computers, but more than half (52 percent) did nothing at all to protect their mobile devices. So we’re particularly interested to see if these numbers have changed.

You can help us fight online scams and fraud by taking our survey.

We will release the results of the survey during National Cyber Security Awareness Month this October. Follow the hashtag #NCSAM to read the story.

Do you know your kids’ passwords?

August 27th, 2014 No comments

This is the second of two blog posts on password protection. Read Part 1: Create strong passwords and protect them.

Whether or not you should know all of your kids’ passwords depends on their age, how responsible they are, and your parenting values.

However, kids of any age and responsibility level need to know how to create strong passwords and how to protect those passwords.

Sharing is great, but not with passwords

Your kids should never give their friends their passwords or let them log on to their accounts. Also, be careful sharing your passwords with your kids.

3 strategies for strong passwords

  • Length. Make your passwords at least eight (8) characters long.

  • Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.

  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

For more information, see Help kids create and protect their passwords.

Do you know your kids’ passwords?

August 27th, 2014 No comments

This is the second of two blog posts on password protection. Read Part 1: Create strong passwords and protect them. Whether or not you should know all of your kids’ passwords depends on their age, how responsible they are, and your parenting values. However, kids of any age and responsibility level need to know how to create strong passwords and how to protect those passwords.

Sharing is great, but not with passwords

Your kids should never give their friends their passwords or let them log on to their accounts. Also, be careful sharing your passwords with your kids.

3 strategies for strong passwords

  • Length. Make your passwords at least eight (8) characters long.
  • Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

For more information, see Help kids create and protect their passwords.

Get help with your Outlook.com questions

June 17th, 2014 No comments
Categories: email, Outlook.com Tags:

5 ways to protect your Microsoft account

May 15th, 2014 No comments

Your Microsoft account (formerly your Windows Live ID) is the combination of an email address and a password that you use to sign in to services such as Xbox LIVE and Outlook.com, as well as devices such as Windows Phone and computers running Windows 8.

A Microsoft account is free and you can use it to:

  • Purchase apps from the Windows Store
  • Back up all your data using free cloud storage
  • Keep all your devices, photos, friends, games, settings, music, up to date and in sync.

5 ways to help protect your Microsoft account

  1. Create a strong password. Strong passwords use a combination of uppercase and lowercase letters, numerals, punctuation marks, and symbols. The longer the better, and don’t use personal information (such as a pet’s name, nickname, or driver’s license number) that can be easily guessed.
  2. Protect your password. Don’t use the same password you use on other sites, and remember to change your Microsoft account password (as well as other passwords) regularly. Watch out for email social engineering scams designed to trick you into turning over your password to a cybercriminal.
  3. Enable two-step verification. Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account. Two-step verification is optional, but we recommend that you use it. Learn how to turn it on.
  4. Make sure the security information associated with your account is current. If the alternate email address or phone number you’ve given us changes, update the settings of your account so that we can contact you if there’s a problem.
  5. Watch out for phishing scams. If you receive an email message about the security of your Microsoft account, it could be a phishing scam. Don’t click links in any messages unless you trust or check with the sender. 

Don’t have a Microsoft account yet? See How do I sign up for a Microsoft account?

How to recover an account if you haven’t already added security information to it

March 25th, 2014 No comments

A reader asks:

What can I do if my account has been hacked and I haven’t already added security information to it?

It would be easier to recover your account if you had already associated it with information that cybercriminals can’t easily access, like your mobile phone number or an alternate email address. For example, if your account is compromised, Microsoft could send you an account-recapture code in a text message to help you regain access to your account. If you do have access to your account, add security information to your account now.

If you haven’t already added security information to your account 

Scan your PC for viruses

 If your account has been hacked and you can’t get access to it, the first thing you should do is scan your computer for viruses. Do this before you try to change your password. Hackers get your password through malware that’s been installed on your PC without your knowledge (for example, when you download a new screen saver, toolbar, or other software from an untrustworthy source.) It’s important to clear your PC of viruses or malware before you change your password. That way, the hackers won’t get your new password.

If your computer is running Windows 8

Use the built-in Windows Defender to help you get rid of a virus or other malware.

Here’s how: 

  1. From the Search charm, search for defender, and then open Windows Defender.

  2. On the Home tab, choose a scan option, and then tap or click Scan now.

In addition to the color codes for your PC’s overall security status, Windows Defender applies an alert level to any suspected malware it detects. You can decide whether to remove an item entirely, research it further, or let it run because you recognize it.

 If your computer is running Windows 7 or Windows Vista 

Get more help removing viruses

Reset your password

Once you’ve scanned your computer for viruses, reset the password on your account.

If you can’t reset your password, and you haven’t already added security information to your account, you can still get back into the account by filling out a questionnaire. You will be asked specific questions about the account and email messages that might be stored there. Someone will get back to you within 24 hours (typically a lot sooner).

For more information, see How to recover your hacked Microsoft account.

Tax scams: 6 ways to help protect yourself

March 20th, 2014 No comments

We’ve received reports that cybercriminals are at it again, luring unsuspecting taxpayers in the United States into handing over their personal information as they rush to file their taxes before the deadline.

Here are 6 ways to help protect yourself.

1.     Beware of all email, text, or social networking messages that appear to be from the IRS. Cybercriminals often send fraudulent messages meant to trick you into revealing your social security number, account numbers, or other personal information. They’ll even use the IRS logo. Read more about how the IRS does not initiate contact with taxpayers by email or use any social media tools to request personal or financial information.
2.       Use technology to help detect scams. Scams that ask for personal or financial information are called “phishing scams.” Internet Explorer, Microsoft Outlook, and other programs have anti-phishing protection built in. Read more about identity theft protection tools that can help you avoid tax scams.
3.       Check to see if you already have antivirus software. If a cybercriminal does fool you with a tax scam that involves downloading malware onto your computer, you might already be protected by your antivirus software. If your computer is running Windows 8, you have antivirus software built in. Download Microsoft Security Essentials at no cost for Windows 7 and Windows Vista. 
4.       Make sure the website uses secure technology. If you’re filing your taxes on the web, make sure that the web address begins with https, and check to see if a tiny locked padlock appears at the bottom right of the screen. For more information, see How do I know if I can trust a website and What is HTTPs?
5.       Think before you download tax apps. Download apps only from major app stores—the Windows Phone Store or Apple’s App Store, for example—and stick to popular apps with numerous reviews and comments.
6.       Be realistic. If it sounds too good to be true, it probably is. From companies that promise to file your taxes for free, to websites that claim you don’t have to pay income tax because it’s unconstitutional—keep an eye out for deliberately misleading statements.

5 safety tips for online dating

February 13th, 2014 No comments

If you’re going to be connecting online this Valentine’s Day (or ever), follow these safety and privacy tips.

  1. Avoid catfishing. This is a type of social engineering designed to entice you into a relationship in order to steal your personal information, your money, or both. Always remember that people on the other end of online conversations might not be who they say they are. Treat all email and social networking messages with caution when they come from someone you don’t know.
  2.  Use online dating websites you trust. Knowing when to trust a website depends in part on who publishes it, what information they want, and what you want from the site. Before you sign up on a site, read the privacy policy. Can’t find it? Find another site. For more information, see How do I know if I can trust a website?
  3.  Be careful with the information you post on online. Before you put anything on a social networking site, personal website, or dating profile, think about what you are posting, who you are sharing it with, and how this will reflect on your online reputation. For more information, watch this video about the dangers of oversharing.
  4.  Be smart about details in photographs. Photographs can reveal a lot of personal information, including identifiable details such as street signs, house numbers, or your car’s license plate. Photographs can also reveal location information. For more information, see Use location services more safely.
  5.  Block and report suspicious people. Use the tools in your email, social networking program, or dating website to block and report unwanted contact. Read this if you think you might already be a victim of a scam.

10 New Year’s resolutions for your digital devices and your online life

December 31st, 2013 No comments

It’s a new year, which means it’s time to resolve to create healthier habits in our daily lives. But we don’t have to stop at just improving our body, mind, and spirit. It’s also a good idea to resolve to keep our PCs, laptops, smartphones, and social networking sites healthy this year.

1. Keep your software up to date. You can help protect against viruses, fraud, and more by keeping your operating system, antivirus software, antispyware software, web browser, and other software updated. Microsoft releases security updates on the second Tuesday of every month. Learn how to get security updates automatically.

2. Create strong passwords, keep them secret, and change them regularly. This is particularly important for those passwords that safeguard your computer, important accounts (like email or Facebook), and sensitive information, like financial and health data. Get more information about creating strong passwords and protecting them.

3. Use antivirus software. If your computer is running Windows 8, you can use the built-in Windows Defender to help you detect and get rid of spyware and other malware. If your computer is running Windows 7, Windows Vista, or Windows XP, Windows Defender removes spyware.

4. Check and adjust your privacy settings. You can participate in the online world and keep your information private. Learn more about how to manage your privacy settings in Windows, Internet Explorer, your Microsoft account, Windows Phone, and more. 

Watch a video about privacy in action (1:19).

5. Teach your children about online safety. Before kids use computers, gaming consoles, or mobile devices, make sure you agree on clear limits, talk about how to keep accounts and passwords secret, and help them stand up to online bullying. If your child got a new device this holiday season, read this checklist for safety tips.

6. Monitor your children’s online behaviors, and continue to talk to them about Internet safety. If your kids are online, it’s important to have regular online safety conversations and to continue to keep track of what they’re doing. For more information, see Age-based guidelines for kids’ Internet use.

7. Upgrade to modern software that provides the latest security technologies and protections. Advanced security technologies in modern operating systems are specifically designed to make it more difficult, more complex, more expensive, and therefore, less appealing to cybercriminals to exploit vulnerabilities. Learn more about how support for Windows XP ends this year.

8. Use SkyDrive to help protect your personal information. Ransomware is a type of malware designed to infiltrate your computer and hold your files (photos, documents, reports, etc.) hostage until you pay the demanded amount of money to a cybercriminal. One of the best ways to protect your files is to back them up using a removable drive or a cloud service like SkyDrive.

9. Explore new tools for PC protection. If you feel comfortable performing more advanced computer tasks, consider downloading the free Enhanced Mitigation Experience Toolkit (EMET), which will make it even more difficult for malicious hackers and cybercriminals to get into your computer.

10. Ignore fake tech support phone calls. Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. If you receive a suspicious phone call from someone claiming to be from Microsoft, all you have to do is hang up. For more information, see Avoid tech support phone scams.

 

Online safety tips for travelers

December 19th, 2013 No comments

If you’re travelling this holiday season and you plan to be online, here are a few ways to protect yourself and your family:

Get more mobile and wireless tips.

Safety is an active verb

When we are young, we are taught to brush our teeth in order to develop healthy and preventative habits.  Hopefully by the time we reach adulthood, the act of brushing every morning has become second nature.  Yet, when we go online, we don’t always take the same preventative measures with our personal information.  Perhaps it’s because we haven’t placed enough importance on developing this healthy habit?

Today, Microsoft released the US results of the third Microsoft Computing Safety Index (MCSI).   Designed to gauge consumer online safety habits and behaviors, the Index reveals that the US score has decreased year-after-year since it was first launched in 2011.  

So why the drop?  The data reveals that while people are not necessarily engaging in risky behaviors, they miss active steps to thwart socially-engineered risks.  For example; in 2011, 60 percent of respondents reported using only reputable sites compared to 39 percent in 2013.   In addition, less than half of US respondents are still not taking actions such as limiting the amount of personal information they share online, dropping from 48 percent in 2011, to 40 percent in 2013.  Nor are they using phishing filters to help stay safer, 30 percent in 2011 compared to only 18 percent in 2013.  On average, US respondents are using less than one quarter of the 12 technical tools available for managing online safety, are being used.

The good news: default settings are keeping consumers safer than they realize.  While US respondents report using only half of the foundational settings (automatic updates, antivirus software, firewall protections, secured wireless, up-to-date software), after checking, most actually are better protected than they thought (almost four out of five).

Broken out into three tiers of activity – “Foundational,” “Technical+,” and “Behavioral” – the Index assigns a point scale of 0 to 100 based on an individual’s answers.  The more steps taken in any given tier, the higher the score.

Didn’t participate in the formal survey?  We’ve created an abbreviated version so you can see how you measure up.  Go to www.microsoft.com/security/mcsi and take stock of your personal online habits and practices to learn how you compare to US respondents.    

Just like looking both ways before crossing the street, it’s never too late to begin developing safer online habits. Microsoft suggests these top three tips to help people worldwide stay safer online – at home, at work, and on the go.

  • Protect your computer and your accounts.  Keep all software (including your browser) current with automatic updating and install legitimate antivirus and antispyware software.

  • Look for signs that a webpage is secure and legitimate. Before you enter sensitive data, check for evidence of encryption, meaning a web address with https (“s” stands for secure), and a closed padlock beside it. (The lock might also be in the lower right corner of the window.)

  • Reduce spam in your inbox. Share your primary email address and instant messaging name only with people you know in person and with reputable organizations. Avoid listing them on your social network page, in Internet directories (like white pages), or on job-posting sites.

No matter where or how people access the Internet, exercising safer digital habits needs to remain part of our daily routine.   For additional guidance, regularly check our Safety & Security Center, where all of our tools and materials are located, including our Digital Citizenship in Action Toolkit. “Like” our page on Facebook, and follow us on Twitter.  Get proactive and get involved – in online safety.  

When should kids be allowed online?

August 9th, 2013 No comments

As a parent or caregiver, you probably needed only one trip to the playground to realize that children can have radically different styles of play. Just as there’s no “one size fits all” approach to helping children navigate the jungle gym, the way you talk about online safety with kids will depend on the child, their maturity level, and your family’s values.  

But what is your parenting style when it comes to introducing your children to new devices and online technology?

Take a brief survey and get tailored tips to help you have conversations with young Internet users about staying safer on the ever-changing digital playground.

Microsoft won’t ask for your credit card to unblock your email account

August 1st, 2013 No comments

Tom asks:

I’m getting messages from Microsoft about my email account. The messages say that my account is blocked and I can only unblock it with a credit card number. Is this legit?

No, these messages sound like a phishing scam, a type of identity theft designed to steal your personal information, such as credit card numbers, passwords, account data, or other information. Never provide personal information in response to requests like this. In fact, it’s best not to respond at all. Instead, delete the email message and report it.

If you can’t access your email account, get information on how to recover your hacked account.

Learn how to help protect yourself from email and web scams

If you’ve been a victim of identity theft in the United States, report it right away to the U.S. Federal Trade Commission

3 ways to help protect your Microsoft account

July 18th, 2013 No comments

A Microsoft account—formerly known as a Windows Live ID—is the combination of an email address and a password that you use to sign in to services such as Xbox LIVE and Outlook.com, as well as devices such as Windows Phone and computers running Windows 8.

If you think your Microsoft account has been hacked, we recommend that you reset your password right away. To change your Outlook.com (formerly Hotmail) password, sign in to your Microsoft account, and then go to the Password section.

Your Microsoft account includes settings to help protect your privacy

  • If you have added security information to your account and you have lost your password or your account is compromised, you can request an account-recapture code that Microsoft will send you in a text message or an alternate email address to help you regain access to your account. 

 

  • Scammers can get into your email account by installing malicious software on your computer without your knowledge. Make sure you use antivirus software that updates automatically, such as Microsoft Security Essentials, which is available for computers that are running Windows 7, Windows Vista, or Windows XP. If you’re using Windows 8, you already have antivirus and antispyware protection called Windows Defender.

To learn how to adjust privacy settings in your Microsoft account, see Privacy and your Microsoft account.

 

Have authorities detected illegal activities on my computer?

July 16th, 2013 No comments

John writes:

I got an email saying that illegal materials were found on my computer and it would be locked until I paid a fine. Is this a scam?

Yes, this sounds like a common blackmail scam called ransomware. Ransomware is an email, website or pop-up window that displays warnings about possible illegal activities and demands payment before you can access your files and programs again. Delete the email and report it immediately.

Do you think you might have already fallen for a ransomware scam? Find out what to do.

Catfishing: Are you falling for it?

June 20th, 2013 No comments

The news is filled with stories about people, famous and otherwise, getting caught in online dating scams. The phenomenon is so common that it now has a name: Catfishing. The term catfishing comes from the 2010 movie Catfish about a man who was lured into a relationship by a scammer who was using a fake social networking profile.

Catfishing is a kind of social engineering. It’s similar to messages that claim that your computer has a virus, that you’ve won a lottery, or that you can earn money for little or no effort on your part. All of these scams are designed to “hook” you with fear, vanity, and too-good-to-be-true offers. The cybercriminal in a catfishing scam might post fake pictures or send encouraging messages to entice you into a relationship, but the goal is the same as in other scams: The scammer wants to steal your personal information, your money, or both.

3 ways to help avoid catfishing

  • Always remember that people on the other end of online conversations might not be who they say they are. Treat all emails and social networking messages with caution when they come from someone you don’t know.
  • Never share your passwords, even with someone you trust. If you think your accounts have been compromised, change your passwords as soon as possible.
  • If you suspect that someone is catfishing you, report them.

For more general tips and advice on how to avoid scams, download our free 12-page booklet, Online Fraud: Your Guide to Prevention, Detection, and Recovery (PDF file, 2.33 MB), and browse our other resources on how to protect yourself online.

There is no Hotmail Maintenance Department

June 13th, 2013 No comments

Cassie writes:

I received an email from the Hotmail Maintenance Department requesting personal information verification. The message included a PDF file. Is this a scam?

Yes. This is one of many types of email cybercrime, also called phishing. Cybercriminals often use the Microsoft name to try to get you to share your personal information so that they can use it for identity theft. Delete the message—do not open it, and do not click any links or open any attachments.

The Hotmail Maintenance Department doesn’t exist—and if it did, the department wouldn’t send unsolicited email messages with attachments that asked for your personal information. Be suspicious of any email messages that appear to come from the Hotmail team; even though your email address still says “Hotmail,” the service is now called Outlook.com.

For more tips on spotting scam email messages, see How to recognize phishing email messages, links, or phone calls.

If you opened the PDF file, your computer might already be infected with malware that can be used to steal your personal information. Scan your computer with the Microsoft Safety Scanner to find out. The scanner will also help you remove any malicious software it finds.

Outlook.com is officially launched

March 26th, 2013 No comments

Outlook.com (formerly Hotmail) is the newest version of free webmail from Microsoft. More than 60 million people have signed up for it since we released the beta version last summer.

Whether you make the transition from Hotmail to Outlook.com now or wait to be automatically upgraded, you can keep using your existing @hotmail.com, @live.com, or @msn.com address. Or you can get a new @outlook.com address. Get more answers to your general questions about why your Hotmail account was upgraded.

With Outlook.com, you’re in control of your data, and your personal conversations aren’t used for ads. We don’t scan your email content or attachments and we don’t sell this information to advertisers or any other company. You decide whether to connect your account to any social networks, and you’re in control of who you friend or follow.

Get more information about the security and privacy features of Outlook.com

Categories: email, hotmail, Microsoft, passwords, privacy, security Tags:

“Cyber Crime Department” scam

March 21st, 2013 No comments

We’ve received increased reports of a new phishing scam email message that uses the name and official logo of the Microsoft Digital Crimes Unit (DCU). The wording varies, but it looks like a security measure and says you need to validate your account by confirming your user name and password or by opening a file attached to the message.  

This is a fake message, but DCU is a real worldwide team of lawyers, investigators, technical analysts, and other specialists working to transform the fight against digital crime through partnerships and legal and technical breakthroughs that destroy the way cybercriminals operate. The DCU is a unique team in the tech industry, focused on disrupting some of the most difficult cybercrime threats facing society today – including malicious software crimes fueled by the use of botnets and technology-facilitated child sexual exploitation.

DCU does not send email to individuals asking them to validate their account information.  If you get one of these email messages, it is a scam. 

There are legitimate times when, in the course of a botnet cleanup effort, DCU will work to inform known victims of a particular threat to help them remove the botnet malware and regain control of their computer.  Sometimes Microsoft will work with Internet service providers (ISPs) and Computer Emergency Response Teams, who in turn will work to inform malware victims by communicating through their already-established relationship with their ISP customers. This enables ISPs to be able to reach victims in a way that is clearly verifiable to botnet victims as legitimate.  Other times, Microsoft may indeed notify victims directly – but not in email and not to verify account information, as the phishing scams claim. 

When DCU does inform victims directly about a known malware infection on their computer, like in the recent case involving the Bamital botnet takedown, it will not ask people to click on a link or download an attachment.  Rather, DCU’s communication will be done over a secured connection and will be readily verifiable as legitimately coming from Microsoft.  These notifications will often also be accompanied by a high profile public information campaign that outlines the notification process, which will also help people independently verify that a warning is real and actually coming from Microsoft.

If you receive an email message claiming to be from the DCU, do not click on links or open any attachments.  Instead, you can either just delete it or you can report it.

Here’s a copy of the fake message:

This message contains three common signs of a scam:

  • Impersonation of a well-known company or organization
  • Time-sensitive threats to your account
  • Requests to click an attachment or link

Get more information on how to recognize phishing email messages, links, or phone calls.