Joined: 06 November 2004
Microsoft sends e-mail to subscribers of our security e-mail notification services when we release information about a security software update or security incident.
Unfortunately, malicious individuals have been known to send fake e-mail notifications that appear to be coming from Microsoft, a tactic known as spoofing. Some of these messages lure recipients to Web sites to download malicious code, while others include a file attachment containing a virus.
Fortunately, there are ways to spot the imposters. Here's how to verify that a Microsoft security-related message is legitimate.
We never attach software updates to our security e-mail notifications. Rather, we refer customers to our Web site for complete information on the software update or security incident. Most Microsoft software updates are provided through Microsoft Windows Update, Microsoft Office Update, or the Microsoft Download Center.
We never send notices about security updates or incidents until after we publish information about them on our Web site. If you are ever in doubt about the authenticity of a Microsoft security e-mail notification, check the Security site on Microsoft.com to see if the information is listed there.
If you suspect that an e-mail message is not legitimate, do not click any hyperlinks within it. Those links may be spoofed so that they appear to be sending you to a trusted Web site when they are actually sending you to a malicious Web site. Always cut and paste the text of the link from the e-mail to the address bar on your browser; or better yet, type in the address of the site yourself. If the complete URL is too cumbersome, try using the beginning of the address, such as https://www.microsoft.com/security.
However, hackers also have ways to display a fake URL in the address bar of your browser, so even though it may appear you are on a trusted Web site, you may in fact be on a malicious one. To help limit this risk, begin on a Web site's home page and try to navigate to the information you're looking for. The Microsoft security update announcements are always posted on the Microsoft.com home page.
Microsoft and most commercial Web sites use certificates as part of a system for securing online transactions. Typing https:// as opposed to the standard http:// into the Web site address activates the certificate. (Your browser may display an alert that you are about to view pages over a secure connection.)
Once you are on the secure site, Internet Explorer allows you to check the certificate. Double-click the lock icon on the status bar at the bottom of your browser. This displays the security certificate for the site.
Secure site icon. If the lock is closed, then the site has a certificate you can check.
This certificate is proof of the site's identity. When you check the certificate, the name following Issued to should match the site you think you are on. If the name is different, you may be on a spoofed site. When you click the lock icon on a Microsoft.com Web page, you can match the Issued to domain name (www.microsoft.com) to the Web site domain name in the address bar (also www.microsoft.com).
Do the names match? The Issued to domain name should match the domain name in the browser address bar.
Links in authentic Microsoft security e-mail notifications use secure Web site addresses. This allows you to check the certificate to confirm that you are indeed on Microsoft.com and not on a spoofed site.
Counterfeit security communications can appear quite convincing, as was the case with the fraudulent e-mail that was used to distribute the Swen worm. Its professional appearance and sincere, helpful tone tricked many users into infecting their own computers.
Fake bulletin. Many users thought this e-mail notice looked good enough to be a real Microsoft message. It wasn't.
Joined: 13 August 2004
Joined: 01 November 2004
Joined: 26 August 2004
Microsoft AntiSpyware thinks Firefox is S
Author: cdesai12 Replies: 1 Views: 1051
|cdesai12||1||1051||01 March 2005 at 11:09am by HUMM|
Microsoft's responsibility for spyware
Author: cdesai12 Replies: 1 Views: 837
|cdesai12||1||837||11 February 2005 at 9:34pm by HUMM|
*Imp* Prog Attacks Microsoft AntiSpyware
Author: cdesai12 Replies: 1 Views: 767
|cdesai12||1||767||10 February 2005 at 7:48pm by HUMM|
*Imp* Only 12 Patches From Microsoft
Author: cdesai12 Replies: 1 Views: 824
|cdesai12||1||824||10 February 2005 at 7:39pm by HUMM|
Microsoft Launches New MSN Search
Author: cdesai12 Replies: 2 Views: 685
|cdesai12||2||685||02 February 2005 at 2:26am by SONYA_K|
Popular Channels :
Quick Links :