Recognize and avoid fraudulent e-mail to Microsoft customers

Published: August 9, 2006
Fraudulent Emails Targeting Microsoft Customers

Microsoft sends e-mail messages to subscribers of our security communications when we release information about a security software update or security incident. Unfortunately, malicious individuals can and have sent fake security communications that appear to be from Microsoft.

This tactic is known as spoofing.

Some of these messages lure recipients to Web sites to download spyware or other unwanted software. Others include a file attachment that contains a virus.

How to help verify the legitimacy of a security-related e-mail

If you have not signed up for any security communications from Microsoft and you receive an unexpected message about a security update, treat the message with great caution. When in doubt, delete the message and immediately check the Microsoft.com home page for the same information.

Digital signatures help make Microsoft security communications more secure

If you have signed up for security communications from Microsoft, these communications may have a digital signature attached.

To help increase your security, these communications may be signed with the Internet standard Secure/Multipurpose Internet Mail Extensions (S/MIME). S/MIME gives you added assurance that the e-mail message comes from Microsoft, has not been tampered with, and is not a fake.

If you use Microsoft Outlook, you will see a ribbon icon just above the message body.

Microsoft Outlook screenshot: Ribbon icon message

Click the icon to see the Digital Signature window. If the e-mail came from Microsoft, you will see the Valid window.

Microsoft Outlook screenshot: Digital signature window

Click the Details button to see the Security Layers.

Many other full-featured e-mail programs also interpret the digital signature; consult your e-mail program's help file for more information.

Note: Many Web-based e-mail programs and some other e-mail programs currently do not support digital signing. If you use one of these programs and you receive a digitally signed message, it will probably have an attachment with the extension .p7s. The body of the message is the same, but you cannot tell if the message has been tampered with or is a fake.

Hotmail screenshot: An attachment with the extension .p7s

What to do if the signature is not valid

If you receive a message that indicates the signature is not valid, do not trust the message and do not open any attachments. This message might have been altered after the time it was sent by Microsoft, or it might not have been sent by Microsoft.

Check the Microsoft Security Updates page to see whether the information you received is listed there.

Legitimate notifications do not include software updates as attachments

We never attach software updates to our security communications. Rather, we refer customers to our Web site for complete information about the software update or security incident.

Automatic Updates (recommended) downloads and installs security and other high-priority updates automatically, on a schedule that you set. For more information, see How to update your computer: Frequently asked questions.

Legitimate notifications are also on Microsoft.com

We never send notices about security updates or incidents until after we publish information about them on our Web site. Check the Microsoft Security Updates page to see whether the information is listed there.

Legitimate notifications have a valid Microsoft Web address

Links in authentic Microsoft security e-mail notifications use security-enhanced (https://) Web site addresses. This allows you to check the certificate to confirm that you are indeed on Microsoft.com and not on a spoofed site.

What to do if you suspect an e-mail is not legitimate

If you suspect that an e-mail message is not legitimate, do not click any links in it. Those links might be spoofed so that they appear to send you to a legitimate Web site when they actually send you to a malicious one.

Instead of clicking any links in the notification, type or cut and paste the text of the link from the e-mail message to the address bar in your browser.

Note that there are ways to display a fake URL in the address bar of your browser. So even though it might appear you are on a legitimate Web site, you might be on a malicious one. To help limit this risk, begin on a Web site's home page and try to navigate to the information you're looking for.
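Detection logic for the spoofed-link problem described above, written here as an added example (it is not code from the original Microsoft page): it parses a constructed HTML notification body and flags links that are not https, that do not lead to the microsoft.com domain, or whose visible URL text names a different host than the real destination. The sample links and the trusted-domain value are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample notification body: one honest link, one whose visible
# text disagrees with its real destination, and one pointing off-domain.
SAMPLE_HTML = """<p>A security update is available.</p>
<a href="https://www.microsoft.com/security">https://www.microsoft.com/security</a>
<a href="http://update.microsoft.com.example.net/">http://www.microsoft.com/update</a>
<a href="https://microsoft-security-updates.example/patch">Get the update</a>"""

TRUSTED_DOMAIN = "microsoft.com"  # domain the notification claims to come from

def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it (label-aware)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, trusted_domain=TRUSTED_DOMAIN):
    """Return [(href, reasons)] for links that fail the checks described above."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = urlparse(href), urlparse(text)
        real_host = target.hostname or ""
        reasons = []
        if target.scheme != "https":          # legitimate links use https
            reasons.append("not https")
        if not host_in_domain(real_host, trusted_domain):
            reasons.append("destination outside " + trusted_domain)
        if shown.hostname and shown.hostname != real_host:
            reasons.append("visible URL host differs from real destination")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Running `audit_links(SAMPLE_HTML)` reports the second and third links; the first, whose visible text and real destination agree and stay on microsoft.com over https, passes.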

Legitimate Web sites have current and accurate certificates

Microsoft and most commercial Web sites use certificates as part of a system to help make online transactions more secure. Typing https:// as opposed to the standard http:// into the Web site address requests a secure connection, in which the site presents its certificate to your browser. (Your browser might display an alert that you are about to view pages over a secure connection.)

When you are on the secure site, Internet Explorer allows you to check the certificate. Double-click the lock icon on the status bar at the bottom of your browser. This displays the security certificate for the site.

Secure site lock icon. If the lock is closed, then the site has a certificate you can check.

This certificate is proof of the site's identity. When you check the certificate, the name following Issued to should match the site you think you are on. If the name is different, you may be on a spoofed site. When you click the lock icon on a Microsoft.com Web page, you can match the Issued to domain name (www.microsoft.com) to the Web site domain name in the address bar (also www.microsoft.com).

Do the names match? The Issued to domain name should match the domain name in the browser address bar.

Example of a fake notification

Counterfeit security communications can appear quite convincing, as was the case with the fraudulent e-mail that was used to distribute the Swen worm. Its professional appearance and sincere, helpful tone tricked many users into infecting their own computers.

Fake bulletin. Many users thought this e-mail notice looked good enough to be a real Microsoft message. It wasn't.

Update your software

One of the best ways to help protect against malicious Web sites and hackers is to keep your software programs, including your antivirus and antispyware software, up to date. To keep your Microsoft programs current, go to the following locations to get updates:

Scan your computer for any needed critical Microsoft updates

Scan your computer for any needed Office updates

Find updates to other Microsoft products in the Download Center

Note: If you do not use Windows on your computer or if you have not upgraded your computer or installed any patches since 2001 or earlier, you might need to download a root certificate at https://www.microsoft.com/pki/certs/MicrosoftRootCert.crt.
