As we kick off a new year, I thought it would be a good time to address a common question and topic that comes up around online and email safety: “How can you protect yourself from people trying to pretend they are Microsoft via email to trick you?” Why? Because if you are like me, you get all sorts of emails saying, “You’ve won this contest,” or “Congratulations, you’ve inherited $1,000,000, send us X,Y,Z info to claim it,” or specific to Microsoft fakes, “Microsoft security alert, open attachment to protect yourself.” (FYI, you haven’t won some foreign sweepstakes you never entered and there is no long lost inheritance waiting.)
At Microsoft, we have a Microsoft Online Safety site filled with information and resources designed to help you protect yourself, your family, your data, and your computing devices online, and one of those pages is specifically dedicated to information on how to “Avoid scams that use the Microsoft name fraudulently.” Here are some tips and pieces of information from that page that you should absolutely be aware of to help protect yourself:
- You have not won the "Microsoft Lottery" – There is no Microsoft Lottery. If you get an email stating you have won one, DELETE the message.
- Microsoft does not send unsolicited communication about security updates – When we release information about a security software update or a security incident, we send e-mail messages only to subscribers of our security communications program. You may want to check out:
- Microsoft Security Bulleting Advance Notification – This advance notification is intended to help our customers plan for effective deployment of security updates, and includes information about the number of new security updates being released, the software affected, severity levels of vulnerabilities, and information about any detection tools relevant to the updates.
- Register for Microsoft Technical Security Notifications – Microsoft offers these alerts in multiple offerings and delivery methods: Basic Alerts, Comprehensive Alerts, Security Advisories Alerts, and Microsoft Security Response Center Blog Alerts
- Legitimate Microsoft security communications do not include software updates as attachments. – We never attach software updates to our security communications. Rather, we refer customers to our Web site for complete information about the software update or security incident.
- Microsoft does not request credit card information to validate your copy of Windows – In fact, not only do we not request credit card information, we do not collect information that can be used to identify you such as your name, e-mail address, or other personal details.
- Microsoft does not make unsolicited phone calls to help you fix your computer – If you receive an unsolicited call from someone claiming to be from Microsoft Tech support, hang up.
The items above are just a few of the pieces of information and resources you can find on the “Avoid scams that use the Microsoft name fraudulently” page and on the Microsoft Online Safety site. If you have not been to the Microsoft Online Safety site yet, I would highly recommend heading out there and taking a look at all of the information and resources available to you for free to help you protect yourself, your family, your data, and your computing devices. By the way, if you think you might be a victim of fraud, you can report it. For more information, see: What to do if you’ve responded to a phishing scam.
Thank you and have a wonderful day,
Eric Ligman – Follow me on TWITTER, LinkedIn, and RSS and see “What I’m thinking”
Global Partner Experience Lead
Microsoft Worldwide Partner Group
This posting is provided "AS IS" with no warranties, and confers no rights