If someone calls you from Microsoft technical support and offers to help you fix your computer, mobile phone, or tablet, this is a scam designed to install malicious software on your computer, steal your personal information, or both.

Do not trust unsolicited calls. Do not provide any personal information.

You can report this scam to the following authorities:

• In the United States, use the FTC Complaint Assistant form.

• In Canada, the Canadian Anti-Fraud Centre can provide support.

• In the United Kingdom, you can report fraud as well as unsolicited calls.

Whenever you receive a phone call or see a pop-up window on your PC and feel uncertain whether it is from someone at Microsoft, don’t take the risk. Reach out directly to one of our technical support experts dedicated to helping you at the Microsoft Answer Desk. Or you can simply call us at 1-800-426-9400 or one of our customer service phone numbers for people located around the world. 

If someone calls you from Microsoft technical support and offers to help you fix your computer, mobile phone, or tablet, this is a scam designed to install malicious software on your computer, steal your personal information, or both.

Do not trust unsolicited calls. Do not provide any personal information.

You can report this scam to the following authorities:

• In the United States, use the FTC Complaint Assistant form.
• In Canada, the Canadian Anti-Fraud Centre can provide support.
• In the United Kingdom, you can report fraud as well as unsolicited calls.

Whenever you receive a phone call or see a pop-up window on your PC and feel uncertain whether it is from someone at Microsoft, don’t take the risk. Reach out directly to one of our technical support experts dedicated to helping you at the Microsoft Answer Desk. Or you can simply call us at 1-800-426-9400 or one of our customer service phone numbers for people located around the world.

Well, maybe not.

But that’s just one of the many ploys that scammers send in their relentless efforts to part people from their money or sensitive personal information like passwords and account numbers.

Microsoft is asking people to take a survey of their experience with online fraud—what kinds of scams they’ve encountered (including those on mobile devices and Facebook), how concerned they are about online or phone fraud, and what steps they take to protect themselves.

In 2012, Microsoft fielded its first such study, interviewing 1,000 US residents to understand their exposure to, and perception of, online fraud and scams.

Respondents reported having encountered roughly eight different scams on average, with these as the top four:

• Scams that promise free things or coupons (44 percent)

• Fake antivirus alerts that imitate real programs offering virus repair but that download malware instead (40 percent)

• Phishing scams using fake messages that mimic those of trusted businesses to trick people into revealing personal information (39 percent)

• Fraud that features a request for bank information or money upfront from someone (such as a “foreign prince”) who needs help transferring large sums of money for a cut of the total (39 percent)

In the new survey, we’re interested in how scams and responses to scams might have changed since 2012. Are there different scams? What are the most common? Where are they most often occurring—on mobile devices? On Facebook?

Results of our last survey showed that nearly everyone (97 percent) took steps to safeguard their computers, but more than half (52 percent) did nothing at all to protect their mobile devices. So we’re particularly interested to see if these numbers have changed. 

You can help us fight online scams and fraud by taking our survey.

We will release the results of the survey during National Cyber Security Awareness Month this October. Follow the hashtag #NCSAM to read the story. 

Well, maybe not.

But that’s just one of the many ploys that scammers send in their relentless efforts to part people from their money or sensitive personal information like passwords and account numbers.

Microsoft is asking people to take a survey of their experience with online fraud—what kinds of scams they’ve encountered (including those on mobile devices and Facebook), how concerned they are about online or phone fraud, and what steps they take to protect themselves.

In 2012, Microsoft fielded its first such study, interviewing 1,000 US residents to understand their exposure to, and perception of, online fraud and scams.

Respondents reported having encountered roughly eight different scams on average, with these as the top four:

• Scams that promise free things or coupons (44 percent)
• Fake antivirus alerts that imitate real programs offering virus repair but that download malware instead (40 percent)
• Phishing scams using fake messages that mimic those of trusted businesses to trick people into revealing personal information (39 percent)
• Fraud that features a request for bank information or money upfront from someone (such as a “foreign prince”) who needs help transferring large sums of money for a cut of the total (39 percent)

In the new survey, we’re interested in how scams and responses to scams might have changed since 2012. Are there different scams? What are the most common? Where are they most often occurring—on mobile devices? On Facebook?

Results of our last survey showed that nearly everyone (97 percent) took steps to safeguard their computers, but more than half (52 percent) did nothing at all to protect their mobile devices. So we’re particularly interested to see if these numbers have changed.

You can help us fight online scams and fraud by taking our survey.

We will release the results of the survey during National Cyber Security Awareness Month this October. Follow the hashtag #NCSAM to read the story.

We’ve received reports that cybercriminals are at it again, luring unsuspecting taxpayers in the United States into handing over their personal information as they rush to file their taxes before the deadline.

Here are 6 ways to help protect yourself.

1.     Beware of all email, text, or social networking messages that appear to be from the IRS. Cybercriminals often send fraudulent messages meant to trick you into revealing your social security number, account numbers, or other personal information. They’ll even use the IRS logo. Read more about how the IRS does not initiate contact with taxpayers by email or use any social media tools to request personal or financial information.
2.       Use technology to help detect scams. Scams that ask for personal or financial information are called “phishing scams.” Internet Explorer, Microsoft Outlook, and other programs have anti-phishing protection built in. Read more about identity theft protection tools that can help you avoid tax scams.
3.       Check to see if you already have antivirus software. If a cybercriminal does fool you with a tax scam that involves downloading malware onto your computer, you might already be protected by your antivirus software. If your computer is running Windows 8, you have antivirus software built in. Download Microsoft Security Essentials at no cost for Windows 7 and Windows Vista. 
4.       Make sure the website uses secure technology. If you’re filing your taxes on the web, make sure that the web address begins with https, and check to see if a tiny locked padlock appears at the bottom right of the screen. For more information, see How do I know if I can trust a website and What is HTTPs?
5.       Think before you download tax apps. Download apps only from major app stores—the Windows Phone Store or Apple’s App Store, for example—and stick to popular apps with numerous reviews and comments.
6.       Be realistic. If it sounds too good to be true, it probably is. From companies that promise to file your taxes for free, to websites that claim you don’t have to pay income tax because it’s unconstitutional—keep an eye out for deliberately misleading statements.

If you’re going to be connecting online this Valentine’s Day (or ever), follow these safety and privacy tips.

1. Avoid catfishing. This is a type of social engineering designed to entice you into a relationship in order to steal your personal information, your money, or both. Always remember that people on the other end of online conversations might not be who they say they are. Treat all email and social networking messages with caution when they come from someone you don’t know.
2.  Use online dating websites you trust. Knowing when to trust a website depends in part on who publishes it, what information they want, and what you want from the site. Before you sign up on a site, read the privacy policy. Can’t find it? Find another site. For more information, see How do I know if I can trust a website?
3.  Be careful with the information you post on online. Before you put anything on a social networking site, personal website, or dating profile, think about what you are posting, who you are sharing it with, and how this will reflect on your online reputation. For more information, watch this video about the dangers of oversharing.
4.  Be smart about details in photographs. Photographs can reveal a lot of personal information, including identifiable details such as street signs, house numbers, or your car’s license plate. Photographs can also reveal location information. For more information, see Use location services more safely.
5.  Block and report suspicious people. Use the tools in your email, social networking program, or dating website to block and report unwanted contact. Read this if you think you might already be a victim of a scam.

Tom asks:

I’m getting messages from Microsoft about my email account. The messages say that my account is blocked and I can only unblock it with a credit card number. Is this legit?

No, these messages sound like a phishing scam, a type of identity theft designed to steal your personal information, such as credit card numbers, passwords, account data, or other information. Never provide personal information in response to requests like this. In fact, it’s best not to respond at all. Instead, delete the email message and report it.

If you can’t access your email account, get information on how to recover your hacked account.

Learn how to help protect yourself from email and web scams

If you’ve been a victim of identity theft in the United States, report it right away to the U.S. Federal Trade Commission. 

John writes:

I got an email saying that illegal materials were found on my computer and it would be locked until I paid a fine. Is this a scam?

Yes, this sounds like a common blackmail scam called ransomware. Ransomware is an email, website or pop-up window that displays warnings about possible illegal activities and demands payment before you can access your files and programs again. Delete the email and report it immediately.

Do you think you might have already fallen for a ransomware scam? Find out what to do.

The news is filled with stories about people, famous and otherwise, getting caught in online dating scams. The phenomenon is so common that it now has a name: Catfishing. The term catfishing comes from the 2010 movie Catfish about a man who was lured into a relationship by a scammer who was using a fake social networking profile.

Catfishing is a kind of social engineering. It’s similar to messages that claim that your computer has a virus, that you’ve won a lottery, or that you can earn money for little or no effort on your part. All of these scams are designed to “hook” you with fear, vanity, and too-good-to-be-true offers. The cybercriminal in a catfishing scam might post fake pictures or send encouraging messages to entice you into a relationship, but the goal is the same as in other scams: The scammer wants to steal your personal information, your money, or both.

3 ways to help avoid catfishing

• Always remember that people on the other end of online conversations might not be who they say they are. Treat all emails and social networking messages with caution when they come from someone you don’t know.
• Never share your passwords, even with someone you trust. If you think your accounts have been compromised, change your passwords as soon as possible.
• If you suspect that someone is catfishing you, report them.

For more general tips and advice on how to avoid scams, download our free 12-page booklet, Online Fraud: Your Guide to Prevention, Detection, and Recovery (PDF file, 2.33 MB), and browse our other resources on how to protect yourself online.

Although Microsoft was founded 38 years ago this month, don’t fall for a widespread scam that offers free “Xbox points” for wishing the company a happy birthday. Online offers that seem too good to be true probably are. Learn more about common scams that use the Microsoft name.

One way to recognize a scam is to check for inaccurate spelling or wording. Points used on Xbox LIVE Marketplace are actually called “Microsoft Points” (not “Xbox points”). You can purchase them on your console dashboard at Xbox.com or at a video game retailer. Learn more about Microsoft Points and Xbox LIVE Rewards.

See our Facebook page message about this scam

On April Fools’ Day you might have fun being the recipient or the instigator of a harmless prank or two, but it’s good for you to know about online pranks we’ve seen that are far from harmless.

Phone scams. Cybercriminals don’t just email you or post on your social networking site anymore. They call you, pretending to be Microsoft tech support and offering to help you fix your computer. Microsoft will not make unsolicited calls to offer support. For more information, see Avoid tech support phone scams.

Verify your account scam. If you receive an email message that asks you to verify your username and password for your Microsoft account, your Hotmail account, or other account, it’s a scam designed to steal your personal information. The message often includes the threat of immediate account closure. Microsoft will not close your account if you do not provide personal information in an email. For more information, see Avoid scams that use the Microsoft name fraudulently.

Fake security software scams. If you see a pop-up window saying that your computer is infected or unprotected it could be a scam known as “rogue security software” or “scareware.” Rogue security software might report a virus, even though your computer is actually clean. For examples of rogue security software, see our Real vs. Rogue Facebook app.

Learn about how to help protect yourself from other popular scams

We’ve received increased reports of a new phishing scam email message that uses the name and official logo of the Microsoft Digital Crimes Unit (DCU). The wording varies, but it looks like a security measure and says you need to validate your account by confirming your user name and password or by opening a file attached to the message.  

This is a fake message, but DCU is a real worldwide team of lawyers, investigators, technical analysts, and other specialists working to transform the fight against digital crime through partnerships and legal and technical breakthroughs that destroy the way cybercriminals operate. The DCU is a unique team in the tech industry, focused on disrupting some of the most difficult cybercrime threats facing society today – including malicious software crimes fueled by the use of botnets and technology-facilitated child sexual exploitation.

DCU does not send email to individuals asking them to validate their account information.  If you get one of these email messages, it is a scam. 

There are legitimate times when, in the course of a botnet cleanup effort, DCU will work to inform known victims of a particular threat to help them remove the botnet malware and regain control of their computer.  Sometimes Microsoft will work with Internet service providers (ISPs) and Computer Emergency Response Teams, who in turn will work to inform malware victims by communicating through their already-established relationship with their ISP customers. This enables ISPs to be able to reach victims in a way that is clearly verifiable to botnet victims as legitimate.  Other times, Microsoft may indeed notify victims directly – but not in email and not to verify account information, as the phishing scams claim. 

When DCU does inform victims directly about a known malware infection on their computer, like in the recent case involving the Bamital botnet takedown, it will not ask people to click on a link or download an attachment.  Rather, DCU’s communication will be done over a secured connection and will be readily verifiable as legitimately coming from Microsoft.  These notifications will often also be accompanied by a high profile public information campaign that outlines the notification process, which will also help people independently verify that a warning is real and actually coming from Microsoft.

If you receive an email message claiming to be from the DCU, do not click on links or open any attachments.  Instead, you can either just delete it or you can report it.

Here’s a copy of the fake message:

This message contains three common signs of a scam:

• Impersonation of a well-known company or organization
• Time-sensitive threats to your account
• Requests to click an attachment or link

Get more information on how to recognize phishing email messages, links, or phone calls.

It’s tax season in the United States, which means it’s time for us to remind you about tax scams—especially email messages that appear to come from the Internal Revenue Service (IRS) or another legitimate organization.

These seemingly valid offers are designed to trick you into turning over your personal information or to click on links or attachments that will automatically download malicious software to your computer.

The most common tax scams we’ve seen include:

• Fraudulent links to get your refund
• Free tax preparation or tax preparation software
• Promises to get you out of paying your taxes

To help avoid tax scams

Be careful when you click links or open attachments. If you need to go to the IRS website, use a bookmark or type the URL directly into your web browser. Read more about how the IRS does not initiate contact with taxpayers by email or any social media tools to request personal or financial information.

Use antivirus software. Download Microsoft Security Essentials at no cost for Windows 7, Windows Vista, and Windows XP. Windows Defender is an antivirus feature in Windows 8 that replaces Microsoft Security Essentials. 

Use email software with built-in spam filtering. SmartScreen technology helps reduce unwanted email. It’s built into Microsoft email programs (Outlook.com, Hotmail, Outlook, Exchange, Windows Mail, and Entourage) and is turned on by default.

Read more about security features in Outlook.com and Hotmail.

Get help with phishing scams, lottery fraud, and other types of scams

It’s tax season in the United States, which means it’s time for us to remind you about tax scams—especially email messages that appear to come from the Internal Revenue Service (IRS) or another legitimate organization.

These seemingly valid offers are designed to trick you into turning over your personal information or to click on links or attachments that will automatically download malicious software to your computer.

The most common tax scams we’ve seen include:

• Fraudulent links to get your refund
• Free tax preparation or tax preparation software
• Promises to get you out of paying your taxes

To help avoid tax scams

Be careful when you click links or open attachments. If you need to go to the IRS website, use a bookmark or type the URL directly into your web browser. Read more about how the IRS does not initiate contact with taxpayers by email or any social media tools to request personal or financial information.

Use antivirus software. Download Microsoft Security Essentials at no cost for Windows 7, Windows Vista, and Windows XP. Windows Defender is an antivirus feature in Windows 8 that replaces Microsoft Security Essentials. 

Use email software with built-in spam filtering. SmartScreen technology helps reduce unwanted email. It’s built into Microsoft email programs (Outlook.com, Hotmail, Outlook, Exchange, Windows Mail, and Entourage) and is turned on by default.

Read more about security features in Outlook.com and Hotmail.

Get help with phishing scams, lottery fraud, and other types of scams

On February 6, Microsoft announced that its Digital Crimes Unit had worked with Symantec to successfully deactivate a major botnet called Bamital. Below is an overview of Bamital and how you can remove it from your computer.

Botnets are networks of compromised computers, controlled remotely by criminals who use them to  secretly spread malware, steal personal information, and commit fraud. Bamital was designed to hijack internet search results and take people to websites that were potentially dangerous.

To learn more about botnets, see How to better protect your PC with botnet protection and avoid malware.

A majority of computers affected by Bamital were running Windows XP and not using a firewall and antivirus software or having monthly security updates installed.

You might have malware on your computer if you see this page:

To help clean Bamital and other malware from your computer, you can install antivirus and antispyware programs that are available online from a provider that you trust.

Microsoft and Symantec each provide free malware removal tools:

• Microsoft Safety Scanner –  http://www.microsoft.com/security/scanner/en-us/default.aspx
• Norton Power Eraser – https://www.norton.com/bamital

For more information about how to remove malware, visit the Virus and Security Solution Center from Microsoft Support.

Read more at the Official Microsoft Blog.

On February 6, Microsoft announced that its Digital Crimes Unit had worked with Symantec to successfully deactivate a major botnet called Bamital. Below is an overview of Bamital and how you can remove it from your computer.

Botnets are networks of compromised computers, controlled remotely by criminals who use them to  secretly spread malware, steal personal information, and commit fraud. Bamital was designed to hijack internet search results and take people to websites that were potentially dangerous.

To learn more about botnets, see How to better protect your PC with botnet protection and avoid malware.

A majority of computers affected by Bamital were running Windows XP and not using a firewall and antivirus software or having monthly security updates installed.

You might have malware on your computer if you see this page:

To help clean Bamital and other malware from your computer, you can install antivirus and antispyware programs that are available online from a provider that you trust.

Microsoft and Symantec each provide free malware removal tools:

• Microsoft Safety Scanner –  http://www.microsoft.com/security/scanner/en-us/default.aspx
• Norton Power Eraser – https://www.norton.com/bamital

For more information about how to remove malware, visit the Virus and Security Solution Center from Microsoft Support.

Read more at the Official Microsoft Blog.

You may have seen reports about security alerts for Java recently. Java is a commonly used piece of software from Oracle, so there’s a good chance you have it installed on your computer. Cybercriminals often use fake virus alerts to lure you into buying fraudulent antivirus software. These alerts state that your computer or other device is at risk, but clicking a link in one of them could lead you to downloading malicious software.

In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately. We agree that if you use Java on your device you should update it directly from the Oracle website:  

• Get updates for Java from Oracle
• Turn on automatic updates for Java

If you don’t, then it’s a good idea to uninstall older versions of Java and disable Java in your browser like you would for any unused software.

Java is just one piece of software that cybercriminals target. It’s important to keep all the software installed on your system up to date. For Microsoft software, you can use the Microsoft Update service.

If you think you have a virus, visit the Microsoft Security Support Center for assistance.  

You may have seen reports about security alerts for Java recently. Java is a commonly used piece of software from Oracle, so there’s a good chance you have it installed on your computer. Cybercriminals often use fake virus alerts to lure you into buying fraudulent antivirus software. These alerts state that your computer or other device is at risk, but clicking a link in one of them could lead you to downloading malicious software.

In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately. We agree that if you use Java on your device you should update it directly from the Oracle website:  

• Get updates for Java from Oracle
• Turn on automatic updates for Java

If you don’t, then it’s a good idea to uninstall older versions of Java and disable Java in your browser like you would for any unused software.

Java is just one piece of software that cybercriminals target. It’s important to keep all the software installed on your system up to date. For Microsoft software, you can use the Microsoft Update service.

If you think you have a virus, visit the Microsoft Security Support Center for assistance.  

We’ve seen an increase in scam email messages that promise recipients they have won some kind of prize or a lottery. These unsolicited messages will often claim that the prize is sponsored by Microsoft or another well-known company. They request personal information that cybercriminals can use for identity theft.

Do not respond to these fraudulent messages with personal information. There is no Microsoft Lottery.

For more information, see:

• What is the Microsoft Lottery Scam?
• Avoid scams that use the Microsoft name fraudulently
• Email and web scams: How to help protect yourself
• Protect yourself from cybersquatting and fake web addresses

We’ve seen an increase in scam email messages that promise recipients they have won some kind of prize or a lottery. These unsolicited messages will often claim that the prize is sponsored by Microsoft or another well-known company. They request personal information that cybercriminals can use for identity theft.

Do not respond to these fraudulent messages with personal information. There is no Microsoft Lottery.

For more information, see:

• What is the Microsoft Lottery Scam?
• Avoid scams that use the Microsoft name fraudulently
• Email and web scams: How to help protect yourself
• Protect yourself from cybersquatting and fake web addresses