Swedish Windows Security User Group

Outlook.com (formerly Hotmail) is the newest version of free webmail from Microsoft. More than 60 million people have signed up for it since we released the beta version last summer.

Whether you make the transition from Hotmail to Outlook.com now or wait to be automatically upgraded, you can keep using your existing @hotmail.com, @live.com, or @msn.com address. Or you can get a new @outlook.com address. Get more answers to your general questions about why your Hotmail account was upgraded.

With Outlook.com, you’re in control of your data, and your personal conversations aren’t used for ads. We don’t scan your email content or attachments and we don’t sell this information to advertisers or any other company. You decide whether to connect your account to any social networks, and you’re in control of who you friend or follow.

Get more information about the security and privacy features of Outlook.com

If you use Outlook.com or Hotmail and think your account has been hacked, you should act right away to help protect your Microsoft account.

If you can still access your Microsoft account, sign in and immediately change your password. For Outlook.com, go to the Password and Security section; for Hotmail, go to the Account overview page in the Account security section.

If you can’t sign in, reset your password.

For more information, see How to recover your hacked Microsoft account.

If you use Outlook.com or Hotmail and think your account has been hacked, you should act right away to help protect your Microsoft account.

If you can still access your Microsoft account, sign in and immediately change your password. For Outlook.com, go to the Password and Security section; for Hotmail, go to the Account overview page in the Account security section.

If you can’t sign in, reset your password.

For more information, see How to recover your hacked Microsoft account.

Last week we answered a question about what to do if your Hotmail account is sending out spam. We mentioned resetting your password if you can’t sign in because your account has been blocked. One way you can unblock it is to respond to an email message sent by Microsoft to the secondary address you listed when you opened the account.

Many of you wrote in asking what to do if you no longer have access to that secondary email account. The answer: you will need to fill out a support request. (In fact, now would be a good time to make sure that your secondary address is correct.)

Even better, you can associate your Hotmail account with your mobile phone number or other information that hackers cannot easily access. For example, if you lose your password or your account is hacked, Hotmail sends you an account-recapture code in a text message to help you regain access.

You can also set up a “trusted PC”—associate your Hotmail account with one or more of your personal computers. If you need to reset your password to regain control of your account and you use a trusted PC, Hotmail will know you are the legitimate owner.

Laura writes:

My Hotmail email address has been hacked. Someone sent out a spam email to everyone in my address book. What do I do?

If it makes you feel any better, Laura, we get this question a lot. Here’s what to do right now:

• If you can still sign in to your account, change your password right away.
• If you can’t sign into your account, try to reset your password.

IMPORTANT: Make sure your new password isn’t one that you use on other accounts or websites. Also, create a password using eight or more characters that don’t form a word that can be found in the dictionary. Find more tips for creating strong passwords.

Should I let everyone know that I’ve been hacked?

Recently we’ve been asked whether we recommend that you send everyone in your contact list an email that warns them not to click on links in emails from you. This really is a personal choice. The most important thing to do is change your password right away.

Personally, we don’t think that an email to everyone in your contact list is necessary. Here’s why:

• It’s time consuming. Your email contact list could contain every person to whom you’ve ever sent a message from that address. Your email program probably won’t allow you to send one message to everyone in your contact list because it will view it as spam.
• We think most people probably already know that a message with a random link is usually spam—especially if it’s from someone who doesn’t contact them regularly. Chances are good that such people make up a majority of your contacts, so they might consider an email telling them what they already know as more spam.

However, if you know of anyone in your contact list who is less computer savvy, it couldn’t hurt to send them an email.

If you use the new Outlook.com free email service and you get spam email from someone, you can notify them and then, from the Mark as menu, click My friend’s been hacked to notify Outlook so we can minimize the damage as soon as possible. Learn more about the new Outlook.com.

What do you think?

Should victims of email hacking notify everyone in their contact list? Give us your opinion in the “Leave a Comment” section below. 

Outlook.com is Microsoft’s new free cloud email service for personal use. You can use Outlook.com with the Outlook desktop application, via the web at http://outlook.com, or via other email apps that support Exchange ActiveSync or POP3.

The new Outlook.com offers several security and privacy features, including:

• Limiting spam in your inbox to less than 3 percent of the items.
• Turning on the encryption feature (SSL) by default, which helps protect your account on wireless networks and public computers.
• Displaying trusted senders in your inbox.

For more information, see Introducing Outlook.com.

Want to keep up with the latest Outlook news? Follow @Outlook on Twitter.

John writes: 

I received an email that said that I won a prize from Microsoft and I am concerned that others may fall for this scam. Can’t anything be done about these types of scams?

The Microsoft Lottery scam is a fraudulent email that claims that you have won a lottery, a prize, a sweepstakes, or another kind of award. The goal of this phishing scam is to convince you to send money to claim your award or to turn over personal information.

Learn more about scams that use the Microsoft name fraudulently.

There is no Microsoft Lottery. If you receive an email like this, you can delete it or you can report it.

How to report an email scam

You can use Microsoft tools to report a suspected scam.

• Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
• Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
• Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it toreportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.

You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.

Spam and other email that you don’t want can clog up your inbox. Some spam can be fraudulent and can contain malicious software or links to malicious websites, but some email can just be annoying. Graymail is email that you signed up for, but you don’t want anymore.

If you use Hotmail, you can get rid of graymail and automate your inbox in just 60 seconds.

Get more information about graymail.

A reader named Karen asks:

“I received a message in my Hotmail inbox that said that I’d been hacked and I should change my password. How do I do this?”

If you think your Hotmail account has been hacked, go to the Reset your password page.

Karen didn’t say whether the message appeared to be from Microsoft or if it was from a friend who received an email from her that looked suspicious (a sign that your account might have been hacked.)

If you receive an email about the security of your account, this could be a scam. Don’t click links in any emails unless you trust the sender. Instead, reset your password.

Get more security tips for Hotmail and learn how to help protect yourself from email and web scams.

Spam filters for email programs are a little like the roof on a house. You wouldn’t want to live without one, but some are better than others.

Recent research from Cascade Insights showed that no email program they tested did better than Hotmail at filtering spam.

Get tricks for getting rid of spam, even if you don’t use Hotmail, and learn how to avoid other email and web scams.

You can also get more detailed information about SmartScreen, Microsoft’s spam-fighting technology, and go beyond the metrics in a detailed blog post by Dick Craddock, Hotmail Group Program Manager. 

If you think you’re a target of a phishing scam or other fraud in an email, Xbox instant message, or on a website, you can report it. Most Microsoft products have built-in tools that make this easier.

Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.

Xbox 360. If someone is trying to phish you in Xbox 360, bring up the player profile, select File Complaint, select File Complaint again, select Text and Voice Communication and then select Text message to file a complaint, where it will be reviewed by our Enforcement Team.

Internet Explorer. While you are on a suspicious site, click the gear icon () and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.

Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it toreportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.

Get more information about how to report and avoid fraud.

The holidays are here, and that means that more people are travelling for their vacations. We thought this would be a good time to remind you about a popular online scam designed to trick you into thinking that your friend is in trouble on vacation.

When cybercriminals break into someone’s email or social networking account, they might send emails or post messages pretending to be that person. One fairly common email tries to make your friends and contacts believe that you are in trouble, often in a foreign country, and you need them to send you money.

Here’s a message that I received from a colleague a few weeks ago:

I hope you get this on time, I made a trip to Edinburgh Scotland, and had my bag stolen from me with my passport and personal effects therein. The embassy has just issued me a temporary passport but I have to pay for a ticket and settle hotel bills. I’ve made contact with my bank but it would take me days to access funds in my account from Edinburgh, I need you to lend me some funds to cover these expenses. I can give back to you as soon as I get in.

I can be reached by email, as I lost my phone in the robbery and don’t have access to a phone at the moment.

If you are getting emails like this, it probably means that your friend was hacked. Delete the email or report it. If you use Hotmail, you can use the My friend’s been hacked tool to report it. To do this, select the email, point to Mark as and select My friend’s been hacked.

If people on your contact list are getting emails like this, it probably means that someone has stolen or guessed the password to your email account and your email address has been hijacked.

What to do if your friends are getting email messages that appear to come from you:

• If you can still get into your email account, sign in and change your password.
• If you can’t sign in, check the help file of your email provider. You can probably use additional information that you provided when you signed up in order to reset your password.

We sometimes hear from customers who want to know if an email which appears to be from Microsoft is real or not. If you receive an email that claims to come from Microsoft, but it contains an attachment or asks you to send passwords, user names, or financial information, it’s probably a fake. Te best thing to do is to delete it.

This week, Microsoft and other technology companies have joined forces with anti-phishing start-up Agari to help stem the tide of those fake emails.

Read this CNET article for more information about how Agari uses cloud technology to help stop phishing and other kinds of email fraud.

Get more information about how to avoid scams that use the Microsoft name fraudulently.

We recently received this email:

“My Hotmail account was hacked and taken over by the classic ‘I’m in London and I’ve been mugged’ scam. It appears that the hacker has changed the basic verification information on the account and every attempt to reset the password throws me into an endless loop.

How to get my account back?”

It sounds like the author of this email has already tried to reset the password on the account manually. If you’re locked out of your account, the first thing you should always do is attempt to reset your password. Here are a few ways you can do this:

• On the Windows Live Hotmail website sign-in page, click Forgot your password?
• Go to the reset your password link.

First, enter your Windows ID. Then, in the Windows Live ID text box, enter the characters you see in the picture, to prove that you’re not a machine.

Next, you’ll see a screen that offers you options to recover your password using an alternate email address or a mobile phone. If you haven’t associated your account with these alternatives, choose customer support.

The Hotmail team has been busy. Three of our favorite new security improvements are:

No more easy passwords. You might know that millions of people use the word “password” as their password. But did you know that millions of people also use “ilovecats” and “gogiants”? Hackers know this. And so do engineers at Hotmail. That’s why, very soon, you will no longer be able to use these weak passwords and others like it. If you already have a weak password, Hotmail might ask you to change it in the future. Find out how to create a strong password.

Help your hacked friends. The first people to know that your Hotmail account has been compromised are often the people in your contact list who get spam from you. Hotmail has a new feature that lets you report someone else’s account has been hacked. You can even report people who use other email providers and Hotmail will send that information to the appropriate people.

The official Twitter account for the Microsoft Privacy team has relaunched at twitter.com/MSFTPrivacy.

@MSFTPrivacy was launched for us to engage in real-time with our privacy community.  We will use this channel to talk about privacy issues, while raising awareness of Microsoft’s approach to addressing concerns through our data governance policies. Here are recent updates you might be interested in:

• Microsoft initiates Conversations on privacy – The first one is 07/29/11, in Washington D.C.
• Interesting POV on “digital forgetting” in the Washington Post – Researchers try to preserve web history. 
• “Cloud computing to alter workforce,” – Charlotte Observer
• Groupon changes privacy policy to collect, share more information – Post Tech – The Washington Post 
• Microsoft shares source code for Wi-Fi data collection software. 
• Microsoft’s Brendon Lynch joins FCC 2 discuss location-based services & privacy.  

Follow the Microsoft Privacy team.

The Microsoft Online Safety team also regularly tweets at twitter.com/safer_online. Here, the focus is on Internet safety for families, but we also include relevant privacy and security news.

Recent updates:

• FBI raids alleged Anonymous homes. 
• Microsoft plans increased integration of cloud, security technologies.
• Hotmail banning common passwords to beef up security.
• Internet Explorer 9 tops other browsers in blocking social engineering attacks. 
• New Android phone malware indicates transition to mobile platform attacks. 

 Follow the Microsoft Online Safety team.

Right now, in the United States, summer vacation season is here and so are scams. Here are three tips to help you avoid summer travel scams.

1. Watch out for deals that look too good to be true. If you’re still making vacation plans, then you’re probably looking for deals. If a deal looks too good to be true, it probably is. Scammers regularly post fake vacation rental home ads on sites like Craigslist and “free vacation” offers that you get by email probably have strings attached. 

If you’re buying tickets or vacation packages online, make sure you follow the same due diligence that you do whenever you buy anything online.
 
For more information, see Email and web scams: How to help protect yourself.
 
2. Your friend probably didn’t just get robbed in a foreign country. A scammer can take over (or hijack) an email account and send an email to you that looks like it is from a friend. When scammers hijack an email account they regularly prey on the goodwill of the people in your contact list. If you get an email from a friend who needs you to send him money while he’s on his vacation, be suspicious. Find a different way to try to contact your friend to find out if this email really came from him. With Hotmail you can now report a friend who you think has been scammed, even if that friend doesn’t use Hotmail.

For more information, see “I’ve been mugged. Send money!”

3. Be careful with vacation details that you post on your social networking sites and out-of-office emails. We’re not saying that you shouldn’t brag about your Italian vacation to all of your Facebook friends and Twitter followers. We’re just suggesting that you wait until you get home in order to prevent this information from falling into the wrong hands.

For more information, see 11 tips for social networking safety.

Finally, while you probably need to set up an email auto-responder to inform your co-workers that you’ll be out of the office, you probably don’t need to do the same for your personal email account. You can decide if it’s worth it to risk alerting cybercriminals that you’re on vacation.
For more information about security on-the-go, see our Mobile and wireless section.

Did you know that you can chat with Facebook friends within Hotmail? Just connect your Facebook account to Windows Live and be sure the “Chat with my Facebook friends in Messenger” box is selected.

No matter where you’re chatting, it’s a good idea to be cautious. There are a few basic chatting and social networking tips to help you avoid identity theft and other scams:

• Never include passwords, financial information, or other sensitive information in chat.
• Be careful clicking on links in chat windows, especially if you don’t know the person you’re chatting with.
• If you allow your kids to chat or use a social networking site, be sure they meet the minimum age requirement.

For more information, see 11 tips for social networking safety.

We used to recommend that you increase the security of your Hotmail account by creating a new account, one that you would give to online retailers or other organizations that might send a lot of unwanted email.

Now, if you have a Hotmail account, you can create an alias within your account instead of creating an entirely new account. Mail addressed to your alias will go to a separate folder that you designate. When you’re done with the alias, you can get rid of it.

Whomever you give this address to will not know your real email address. This means less spam and more privacy.

Hotmail lets you create up to five email aliases within your account each year. You can create a different alias for each aspect of your online life. For example, you might have one alias for gaming, one for communicating with old friends, and one for your work life.

For step-by-step instructions, see Aliases in Windows Live Hotmail.

These days almost everything online requires a password. You already know that you should use complicated passwords and that you shouldn’t use the same password for every account. Here are more tips on how to create stronger passwords and how to test your password strength.

If you want to know why it’s so important to create different strong passwords for all of your accounts (and to change them often), see How I’d hack your passwords by MSN Money blogger, John Pozadzides.