Microsoft sends e-mail messages to subscribers of our security e-mail notification services when we release information about a security software update or security incident.
Unfortunately, malicious individuals can and have sent fake e-mail notifications that appear to be from Microsoft, a tactic known as spoofing. Some of these messages lure recipients to Web sites to download malicious code, while others include a file attachment that contains a virus.
If you have not signed up for any security communications from Microsoft and you receive an unexpected message about a security update, you should treat the message with great caution. When in doubt, delete the message and immediately check the Microsoft.com home page for the same information.
We never attach software updates to our security e-mail notifications. Rather, we refer customers to our Web site for complete information about the software update or security incident. Most Microsoft security updates are provided through Microsoft Update, Office Update, or the Microsoft Download Center.
We never send notices about security updates or incidents until after we publish information about them on our Web site. Check the Security site on Microsoft.com to see whether the information is listed there.
The Microsoft security update announcements are always on the Microsoft.com home page. Links in authentic Microsoft security e-mail notifications use secure Web site addresses. This allows you to check the certificate to confirm that you are indeed on Microsoft.com and not on a spoofed site.
If you suspect that an e-mail message is not legitimate, do not click any links within it. Those links may be spoofed so that they appear to send you to a legitimate Web site when they actually send you to a malicious one.
Instead of clicking any links in the notification, type or cut and paste the text of the link from the e-mail message to the address bar in your browser.
Note that hackers also have ways to display a fake URL in the address bar of your browser. So even though it may appear you are on a legitimate Web site, you may in fact be on a malicious one. To help limit this risk, begin on a Web site's home page and try to navigate to the information you're looking for.
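The two link checks described above can also be automated when a message arrives as HTML. The following Python sketch is an added example, not a Microsoft tool: it flags links that do not use a secure (https) address and links whose visible text names a different host than the one the link really opens. The function names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body; every host name and path is made up.
SAMPLE = (
    '<a href="https://www.microsoft.com/security">www.microsoft.com/security</a>'
    '<a href="http://updates.example.net/patch">https://www.microsoft.com/update</a>'
    '<a href="http://www.example.org/news">Read more</a>'
)

def host_of(text):
    """Return the lower-cased host named by a URL or bare host, else None."""
    text = text.strip()
    if "." not in text or " " in text:
        return None  # visible text such as "Read more" names no host
    return urlsplit(text if "://" in text else "//" + text).hostname

class LinkAuditor(HTMLParser):
    """Collect (visible_text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def audit_links(html_body):
    """Return (href, reasons) for each link that fails either check."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    findings = []
    for text, href in auditor.links:
        target = urlsplit(href)
        # Check 1: the real destination must be a secure (https) address.
        reasons = [] if target.scheme == "https" else ["not https"]
        # Check 2: a host shown in the visible text must be the real host.
        shown = host_of(text)
        if shown and shown != target.hostname:
            reasons.append(f"text shows {shown}, link goes to {target.hostname}")
        if reasons:
            findings.append((href, reasons))
    return findings
```

A link that passes both checks is not thereby proven genuine; the checks only catch the mismatches described above.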
Microsoft and most commercial Web sites use certificates as part of a system for securing online transactions. Typing https:// instead of the standard http:// at the start of the Web site address requests a secure connection, which uses the site's certificate. (Your browser may display an alert that you are about to view pages over a secure connection.)
Once you are on the secure site, Internet Explorer allows you to check the certificate. Double-click the lock icon on the status bar at the bottom of your browser. This displays the security certificate for the site.

Secure site lock icon. If the lock is closed, then the site has a certificate you can check.
This certificate is proof of the site's identity. When you check the certificate, the name following Issued to should match the site you think you are on. If the name is different, you may be on a spoofed site. When you click the lock icon on a Microsoft.com Web page, you can match the Issued to domain name (www.microsoft.com) to the Web site domain name in the address bar (also www.microsoft.com).

Do the names match? The Issued to domain name should match the domain name in the browser address bar.
Counterfeit security communications can appear quite convincing, as was the case with the fraudulent e-mail that was used to distribute the Swen worm. Its professional appearance and sincere, helpful tone tricked many users into infecting their own computers.

Fake bulletin. Many users thought this e-mail notice looked good enough to be a real Microsoft message. It wasn't.
One of the best ways to help protect against malicious Web sites and hackers is to keep your software programs, antivirus and anti-spyware software up to date. To keep your Microsoft programs current, go to the following locations to get updates:
• Scan your computer for any needed critical Microsoft updates
• Find updates to other Microsoft products in the Download Center