Well, maybe not.

But that’s just one of the many ploys that scammers send in their relentless efforts to part people from their money or sensitive personal information like passwords and account numbers.

Microsoft is asking people to take a survey of their experience with online fraud—what kinds of scams they’ve encountered (including those on mobile devices and Facebook), how concerned they are about online or phone fraud, and what steps they take to protect themselves.

In 2012, Microsoft fielded its first such study, interviewing 1,000 US residents to understand their exposure to, and perception of, online fraud and scams.

Respondents reported having encountered roughly eight different scams on average, with these as the top four:

• Scams that promise free things or coupons (44 percent)

• Fake antivirus alerts that imitate real programs offering virus repair but that download malware instead (40 percent)

• Phishing scams using fake messages that mimic those of trusted businesses to trick people into revealing personal information (39 percent)

• Fraud that features a request for bank information or money upfront from someone (such as a “foreign prince”) who needs help transferring large sums of money for a cut of the total (39 percent)

In the new survey, we’re interested in how scams and responses to scams might have changed since 2012. Are there different scams? What are the most common? Where are they most often occurring—on mobile devices? On Facebook?

Results of our last survey showed that nearly everyone (97 percent) took steps to safeguard their computers, but more than half (52 percent) did nothing at all to protect their mobile devices. So we’re particularly interested to see if these numbers have changed. 

You can help us fight online scams and fraud by taking our survey.

We will release the results of the survey during National Cyber Security Awareness Month this October. Follow the hashtag #NCSAM to read the story. 

Well, maybe not.

But that’s just one of the many ploys that scammers send in their relentless efforts to part people from their money or sensitive personal information like passwords and account numbers.

Microsoft is asking people to take a survey of their experience with online fraud—what kinds of scams they’ve encountered (including those on mobile devices and Facebook), how concerned they are about online or phone fraud, and what steps they take to protect themselves.

In 2012, Microsoft fielded its first such study, interviewing 1,000 US residents to understand their exposure to, and perception of, online fraud and scams.

Respondents reported having encountered roughly eight different scams on average, with these as the top four:

• Scams that promise free things or coupons (44 percent)
• Fake antivirus alerts that imitate real programs offering virus repair but that download malware instead (40 percent)
• Phishing scams using fake messages that mimic those of trusted businesses to trick people into revealing personal information (39 percent)
• Fraud that features a request for bank information or money upfront from someone (such as a “foreign prince”) who needs help transferring large sums of money for a cut of the total (39 percent)

In the new survey, we’re interested in how scams and responses to scams might have changed since 2012. Are there different scams? What are the most common? Where are they most often occurring—on mobile devices? On Facebook?

Results of our last survey showed that nearly everyone (97 percent) took steps to safeguard their computers, but more than half (52 percent) did nothing at all to protect their mobile devices. So we’re particularly interested to see if these numbers have changed.

You can help us fight online scams and fraud by taking our survey.

We will release the results of the survey during National Cyber Security Awareness Month this October. Follow the hashtag #NCSAM to read the story.

We’ve noticed comments from many of you asking why we want you to verify your Microsoft security information. We’d like to explain why verifying this information is important. To help protect your email account and your personal data, we ask everyone who has a Microsoft account to make sure that the security information associated with their account is correct and up to date. When your security information (like an alternate email address or phone number) is current, we can use it to verify your identity.

For example, if you forget your password or if someone else tries to take over your account, Microsoft uses your security details to help you get back into your account.

If you see a message asking you to update or verify your Microsoft account security information, you have seven days to do it. If you no longer have access to your security information, you will have to fill out a support request.

Get a quick overview of how to add security info to your account

We’ve noticed comments from many of you asking why we want you to verify your Microsoft security information. We’d like to explain why verifying this information is important. To help protect your email account and your personal data, we ask everyone who has a Microsoft account to make sure that the security information associated with their account is correct and up to date. When your security information (like an alternate email address or phone number) is current, we can use it to verify your identity.

For example, if you forget your password or if someone else tries to take over your account, Microsoft uses your security details to help you get back into your account.

If you see a message asking you to update or verify your Microsoft account security information, you have seven days to do it. If you no longer have access to your security information, you will have to fill out a support request.

Get a quick overview of how to add security info to your account

Summer is in full swing. Here are our best safety and security tips for the season.

1. Don’t broadcast vacation plans on your social networking sites. If you’re leaving your home unoccupied and at risk for potential burglary, you might want to wait to post your vacation photographs until you return home. Get more tips for email and social networking safety.

2. Limit who knows your location. Before you go on vacation, take a few minutes to adjust settings for sharing your location on your social networking sites and any apps on your smartphone. If you have kids who go online, make sure they know this, too. For more information, see Use location services more safely.

3. Set computer and device rules for when you’re not around. If your kids are old enough to stay home alone when they’re not at school, make sure you talk to them about Internet safety. Download our tip sheet for pointers to jump-start—or continue—online safety conversations.

4. Learn how to use parental controls. All Microsoft products include built-in privacy controls and safeguards that put you in charge of your children’s entertainment experiences and allow you to customize how personal information is, or is not, shared. Get step-by-step guidance on how to switch on safety settings across Microsoft technology and devices at home.

5. Stay safe when playing games online. If your children’s summer sport of choice is the Xbox, Xbox One, Kinect, or other online or console game, learn about the core family safety features of Xbox One and find other ways to help kids play it safe.

6. Update your software on your laptop or tablet. Before you go on vacation, make sure all your software is updated, to help prevent problems caused by hackers. If your laptop is still running Windows XP, read about the end of support for Windows XP.

7. Check the security level of public Wi-Fi networks before you use them. Choose the most secure connection—even if that means you have to pay for access. A password-protected connection (ideally one that is unique for your use) is better than one without a password. Both Windows 7 and Windows 8 can help you evaluate and minimize network security risks.

8. Avoid typing sensitive information on your laptop using an unsecured wireless connection. If possible, save your financial transactions for after your summer vacation on a secured home connection. For more information, see How to know if a financial transaction is secure.

9. Watch out for suspicious messages from your friends on vacation asking for money. This is a common scam cybercriminals use when they’ve hacked into someone’s account. Find a different way to contact your friend. Learn more about scam email messages.

Your Microsoft account (formerly your Windows Live ID) is the combination of an email address and a password that you use to sign in to services such as Xbox LIVE and Outlook.com, as well as devices such as Windows Phone and computers running Windows 8.

A Microsoft account is free and you can use it to:

• Purchase apps from the Windows Store
• Back up all your data using free cloud storage
• Keep all your devices, photos, friends, games, settings, music, up to date and in sync.

5 ways to help protect your Microsoft account

1. Create a strong password. Strong passwords use a combination of uppercase and lowercase letters, numerals, punctuation marks, and symbols. The longer the better, and don’t use personal information (such as a pet’s name, nickname, or driver’s license number) that can be easily guessed.
2. Protect your password. Don’t use the same password you use on other sites, and remember to change your Microsoft account password (as well as other passwords) regularly. Watch out for email social engineering scams designed to trick you into turning over your password to a cybercriminal.
3. Enable two-step verification. Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account. Two-step verification is optional, but we recommend that you use it. Learn how to turn it on.
4. Make sure the security information associated with your account is current. If the alternate email address or phone number you’ve given us changes, update the settings of your account so that we can contact you if there’s a problem.
5. Watch out for phishing scams. If you receive an email message about the security of your Microsoft account, it could be a phishing scam. Don’t click links in any messages unless you trust or check with the sender. 

Don’t have a Microsoft account yet? See How do I sign up for a Microsoft account?

On April 8, 2014, security researchers announced a flaw in the software that is used to protect your information on the web. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access personal information.

After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer, and Skype, along with most Microsoft Services, are not impacted by the “Heartbleed” vulnerability. A few services continue to be reviewed and updated with further protections.

We encourage you to be careful what information you provide to websites and help protect the security of your online accounts by using different passwords for different websites, changing your passwords often, and making your passwords as complex as possible.

For more information, see Microsoft Services unaffected by Open SSL “Heartbleed” vulnerability.

To celebrate April Fool’s Day, read about the email, web, social networking, and phone scams that we hear about most often.

Scams that use the Microsoft name or names of other well-known companies. These scams include fake email messages or websites that use the Microsoft name. The email message might claim that you have won a Microsoft contest, that Microsoft needs your logon information or password, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.) For more information, see Avoid scams that use the Microsoft name fraudulently.

Rogue security software scams. Rogue security software, also known as “scareware,” is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not. For more information, see Watch out for fake virus alerts.

Ransomware scams. If you see a pop-up window, webpage, or email message warning you that your computer has been locked because of possible illegal activities, you might be a victim of a criminal extortion scam called ransomware. Ransomware often masquerades as an official-looking warning from a well-known law enforcement agency, such as the US Federal Bureau of Investigation (FBI). For more information, see Help! Someone is holding my computer hostage.

Browser hijacking. Browser hijacking is a type of online fraud. Scammers use malicious software to take control of your computer’s Internet browser and change how and what it displays when you’re surfing the web. Many browser hijackings come from add-on software, also known as browser extensions, browser helper objects, or toolbars. Pay attentions to Internet Explorer warnings when you download software and learn the signs of trusted websites. For more information, see Fix your hijacked web browser.

Resources to help you avoid scams

• Email and web scams: How to help protect yourself
• How to recognize phishing email messages, links, or phone calls
• Protect yourself from cybersquatting and fake web addresses

A reader asks:

What can I do if my account has been hacked and I haven’t already added security information to it?

It would be easier to recover your account if you had already associated it with information that cybercriminals can’t easily access, like your mobile phone number or an alternate email address. For example, if your account is compromised, Microsoft could send you an account-recapture code in a text message to help you regain access to your account. If you do have access to your account, add security information to your account now.

If you haven’t already added security information to your account 

Scan your PC for viruses

 If your account has been hacked and you can’t get access to it, the first thing you should do is scan your computer for viruses. Do this before you try to change your password. Hackers get your password through malware that’s been installed on your PC without your knowledge (for example, when you download a new screen saver, toolbar, or other software from an untrustworthy source.) It’s important to clear your PC of viruses or malware before you change your password. That way, the hackers won’t get your new password.

If your computer is running Windows 8

Use the built-in Windows Defender to help you get rid of a virus or other malware.

Here’s how: 

1. From the Search charm, search for defender, and then open Windows Defender.

2. On the Home tab, choose a scan option, and then tap or click Scan now.

In addition to the color codes for your PC’s overall security status, Windows Defender applies an alert level to any suspected malware it detects. You can decide whether to remove an item entirely, research it further, or let it run because you recognize it.

 If your computer is running Windows 7 or Windows Vista 

• Run the Microsoft Safety Scanner. The scanner works with the antivirus software that you already have on your computer, regardless of whether the software is from Microsoft.

• Download Microsoft Security Essentials for free, and then use the software to run a scan of your computer. For more information, see Help protect your PC with Microsoft Security Essentials. (Note: Some viruses will prevent you from downloading Microsoft Security Essentials. If you can’t download the software, follow the instructions for using Windows Defender Offline.)

• Some malicious software can be difficult to remove. If your antivirus software detects malware but can’t remove it, follow these steps.

Get more help removing viruses

Reset your password

Once you’ve scanned your computer for viruses, reset the password on your account.

If you can’t reset your password, and you haven’t already added security information to your account, you can still get back into the account by filling out a questionnaire. You will be asked specific questions about the account and email messages that might be stored there. Someone will get back to you within 24 hours (typically a lot sooner).

For more information, see How to recover your hacked Microsoft account.

We’ve received reports that cybercriminals are at it again, luring unsuspecting taxpayers in the United States into handing over their personal information as they rush to file their taxes before the deadline.

Here are 6 ways to help protect yourself.

1.     Beware of all email, text, or social networking messages that appear to be from the IRS. Cybercriminals often send fraudulent messages meant to trick you into revealing your social security number, account numbers, or other personal information. They’ll even use the IRS logo. Read more about how the IRS does not initiate contact with taxpayers by email or use any social media tools to request personal or financial information.
2.       Use technology to help detect scams. Scams that ask for personal or financial information are called “phishing scams.” Internet Explorer, Microsoft Outlook, and other programs have anti-phishing protection built in. Read more about identity theft protection tools that can help you avoid tax scams.
3.       Check to see if you already have antivirus software. If a cybercriminal does fool you with a tax scam that involves downloading malware onto your computer, you might already be protected by your antivirus software. If your computer is running Windows 8, you have antivirus software built in. Download Microsoft Security Essentials at no cost for Windows 7 and Windows Vista. 
4.       Make sure the website uses secure technology. If you’re filing your taxes on the web, make sure that the web address begins with https, and check to see if a tiny locked padlock appears at the bottom right of the screen. For more information, see How do I know if I can trust a website and What is HTTPs?
5.       Think before you download tax apps. Download apps only from major app stores—the Windows Phone Store or Apple’s App Store, for example—and stick to popular apps with numerous reviews and comments.
6.       Be realistic. If it sounds too good to be true, it probably is. From companies that promise to file your taxes for free, to websites that claim you don’t have to pay income tax because it’s unconstitutional—keep an eye out for deliberately misleading statements.

If someone calls you from Microsoft tech support to help you fix your computer, mobile phone, or tablet, this is a scam designed to install malicious software on your computer, steal your personal information, or both.

Do not trust unsolicited calls. Do not provide any personal information.

What you need to know about tech support phone scams:

1. Microsoft will not make unsolicited phone calls about computer security or software fixes. If you receive a call like this one, it’s a scam, and all you need to do is hang up.

2. Cybercriminals often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you’re using.

3. If you have already given access to your computer to someone who claimed to be from Microsoft, immediately change your computers password, download the Microsoft Safety Scanner, and then make sure you have antivirus software installed.

4. If you gave someone your credit card information to pay for services, contact your credit card company and alert them to this fraudulent purchase.

5. The Federal Trade Commission (FTC) has received reports that criminals are taking advantage of consumers’ knowledge of the scam by calling to offer refunds for phony tech support. This is also a scam.

For more information, see Avoid tech support phone scams.

If you’re going to be connecting online this Valentine’s Day (or ever), follow these safety and privacy tips.

1. Avoid catfishing. This is a type of social engineering designed to entice you into a relationship in order to steal your personal information, your money, or both. Always remember that people on the other end of online conversations might not be who they say they are. Treat all email and social networking messages with caution when they come from someone you don’t know.
2.  Use online dating websites you trust. Knowing when to trust a website depends in part on who publishes it, what information they want, and what you want from the site. Before you sign up on a site, read the privacy policy. Can’t find it? Find another site. For more information, see How do I know if I can trust a website?
3.  Be careful with the information you post on online. Before you put anything on a social networking site, personal website, or dating profile, think about what you are posting, who you are sharing it with, and how this will reflect on your online reputation. For more information, watch this video about the dangers of oversharing.
4.  Be smart about details in photographs. Photographs can reveal a lot of personal information, including identifiable details such as street signs, house numbers, or your car’s license plate. Photographs can also reveal location information. For more information, see Use location services more safely.
5.  Block and report suspicious people. Use the tools in your email, social networking program, or dating website to block and report unwanted contact. Read this if you think you might already be a victim of a scam.

You can reduce your chances of being hacked by regularly changing the passwords on all the accounts where you enter financial or other sensitive information. Set an automatic reminder to update passwords on your email, banking, and credit card websites every three months.

Different sites have different rules for passwords that they’ll accept, but here is some basic guidance on how to create strong passwords:

• Length. Make your passwords at least eight (8) characters long.
• Complexity. Include a combination of at least three (3) upper and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
• Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

Learn more about how to create strong passwords and protect your passwords.

If you think someone has gone into your account and changed your password, learn how to recover a hacked account.

Chances are good that you or someone in your life got a new PC, laptop, tablet, phone, or other device this holiday season. If you’re going to recycle, donate, or dispose of an old device, help protect your privacy by removing your personal information first.

You can do this yourself, or you can have an authorized refurbisher do it for you.  

Read our step-by-step guide on how to back up your files and choose which method of erasing your hard drive is right for you: How to more safely dispose of computers and other devices.

Also, get information about how to recycle hardware, packaging, and batteries.

It’s a new year, which means it’s time to resolve to create healthier habits in our daily lives. But we don’t have to stop at just improving our body, mind, and spirit. It’s also a good idea to resolve to keep our PCs, laptops, smartphones, and social networking sites healthy this year.

1. Keep your software up to date. You can help protect against viruses, fraud, and more by keeping your operating system, antivirus software, antispyware software, web browser, and other software updated. Microsoft releases security updates on the second Tuesday of every month. Learn how to get security updates automatically.

2. Create strong passwords, keep them secret, and change them regularly. This is particularly important for those passwords that safeguard your computer, important accounts (like email or Facebook), and sensitive information, like financial and health data. Get more information about creating strong passwords and protecting them.

3. Use antivirus software. If your computer is running Windows 8, you can use the built-in Windows Defender to help you detect and get rid of spyware and other malware. If your computer is running Windows 7, Windows Vista, or Windows XP, Windows Defender removes spyware.

4. Check and adjust your privacy settings. You can participate in the online world and keep your information private. Learn more about how to manage your privacy settings in Windows, Internet Explorer, your Microsoft account, Windows Phone, and more. 

If you’re travelling this holiday season and you plan to be online, here are a few ways to protect yourself and your family:

• Before you go, make sure all your software (and especially your antivirus software) is up to date. Learn how to get security updates automatically.
• Be careful with vacation details that you post on your social networking sites and out-of-office emails. Get more guidance for email and social networking.
• Don’t advertise the fact that you’re going to be away from your house for long periods of time. Also, be wary of using location services on your mobile devices that track your location. If you use a Windows Phone, see Location and my privacy FAQ              .
• Make sure your kids know the basics of online safety. If you’ve recently bought them a new mobile device, see our new Digital Gift-Giving Checklist.

Get more mobile and wireless tips.

If you want to stay home and avoid the crowds this holiday season, you can do all your shopping online. But before you log on, make sure you know how to identify websites that won’t compromise your privacy.

Before you enter your credit card number, check for signs that a site is safe:

• Verify that the web address starts with https.
• Check for a lock icon  in the web address window.
• Look for a seal of approval from an outside Internet trust organization.

Read more about how to know whether you can trust a website.

If you trust a website, there are still things that you can do to protect your privacy:

• Use a strong password that you don’t use at other sites. (Use this password tool to check the strength of your password.)
• If you use Internet Explorer 10, adjust your privacy settings.
• Avoid entering sensitive information if you’re using a public wireless network.
• Look for deals that are too good to be true. Read about a recent scam involving Xbox One.

Read more about how to make safer transactions online.

It’s no secret that the website designed to help Americans sign up for health insurance under the new Affordable Care Act has had technical issues. We’ve heard reports that scammers are taking advantage of the technical glitches to send out fake email messages or posts on social networking websites.

These scams, known as “phishing,” are designed to trick you into installing malicious software or to direct you to fraudulent websites, where you are asked to enter credit card and other personal or financial information.

To avoid getting tricked by these and other kinds of scams, or to minimize the damage they cause:

• Use a firewall.
• Update your software.
• Use antivirus and antispyware software.
• Learn to recognize phishing emails, links, or phone calls.
• Before entering any personal information on a website, make sure that the URL in the address bar starts with HTTPS (instead of HTTP) and includes the lock icon.

Knowing when to trust a website depends in part on who publishes it, what information they want, and what you want from the site.

Here are five reasons to think twice before sharing information with a website.

1.       The site asks for personal information on a page whose URL does not start with HTTPS. If the URL in the address bar starts with HTTPS (instead of HTTP), the page is more secure. Never type passwords or other personal information unless you see the HTTPS.

2.       The site isn’t certified by an Internet trust organization. You can increase your privacy and security by shopping only at sites and using only services that have been certified by organizations such as TRUSTe , BBB Online, or the WebTrust website.

3.       You don’t know why they need the personal information. Watch out for sites that ask for credit card numbers or other financial information to verify your identity.

4.       You can’t find a privacy policy or privacy statement. Websites should outline the terms and circumstances regarding if or how they will share your information. If you can’t find this information, consider taking your business elsewhere.

5.       The site looks suspicious. Be wary of deals that sound too good to be true, offers that you receive in email messages from someone you don’t know, and email messages that you suspect might be spam.

 For more information, see:

• How do I know if I can trust a website?
• Six rules for safer financial transactions online
• How to shop online more safely

Tom asks:

I’m getting messages from Microsoft about my email account. The messages say that my account is blocked and I can only unblock it with a credit card number. Is this legit?

No, these messages sound like a phishing scam, a type of identity theft designed to steal your personal information, such as credit card numbers, passwords, account data, or other information. Never provide personal information in response to requests like this. In fact, it’s best not to respond at all. Instead, delete the email message and report it.

If you can’t access your email account, get information on how to recover your hacked account.

Learn how to help protect yourself from email and web scams

If you’ve been a victim of identity theft in the United States, report it right away to the U.S. Federal Trade Commission.