TechTalk & Personal Computing Guide

India-Forums

   
TechTalk & Personal Computing Guide
TechTalk & Personal Computing Guide

Microsoft Security-Related Message Is Ok?

HUMM IF-Dazzler
HUMM
HUMM

Joined: 06 November 2004
Posts: 2927

Posted: 03 January 2005 at 1:40pm | IP Logged

How to Tell If a Microsoft Security-Related Message Is Genuine

Published: September 19, 2003 | Updated: August 10, 2004

Microsoft sends e-mail to subscribers of our security e-mail notification services when we release information about a security software update or security incident.

Unfortunately, malicious individuals have been known to send fake e-mail notifications that appear to be coming from Microsoft, a tactic known as spoofing. Some of these messages lure recipients to Web sites to download malicious code, while others include a file attachment containing a virus.

Learn What to Look For

Fortunately, there are ways to spot the imposters. Here's how to verify that a Microsoft security-related message is legitimate.

The Message Contains No Attachments

We never attach software updates to our security e-mail notifications. Rather, we refer customers to our Web site for complete information on the software update or security incident. Most Microsoft software updates are provided through Microsoft Windows Update, Microsoft Office Update, or the Microsoft Download Center.

The Information Is on Microsoft.com

We never send notices about security updates or incidents until after we publish information about them on our Web site. If you are ever in doubt about the authenticity of a Microsoft security e-mail notification, check the Security site on Microsoft.com to see if the information is listed there.

The URL Is a Valid Microsoft Web Address

If you suspect that an e-mail message is not legitimate, do not click any hyperlinks within it. Those links may be spoofed so that they appear to be sending you to a trusted Web site when they are actually sending you to a malicious Web site. Always cut and paste the text of the link from the e-mail to the address bar on your browser; or better yet, type in the address of the site yourself. If the complete URL is too cumbersome, try using the beginning of the address, such as https://www.microsoft.com/security.

However, hackers also have ways to display a fake URL in the address bar of your browser, so even though it may appear you are on a trusted Web site, you may in fact be on a malicious one. To help limit this risk, begin on a Web site's home page and try to navigate to the information you're looking for. The Microsoft security update announcements are always posted on the Microsoft.com home page.

The Certificate Is Current and Accurate

Microsoft and most commercial Web sites use certificates as part of a system for securing online transactions. Typing https:// as opposed to the standard http:// into the Web site address activates the certificate. (Your browser may display an alert that you are about to view pages over a secure connection.)

Once you are on the secure site, Internet Explorer allows you to check the certificate. Double-click the lock icon on the status bar at the bottom of your browser. This displays the security certificate for the site.

Top of pageTop of pageSecure site icon. If the lock is closed, then the site has a certificate you can checkorder

Secure site icon. If the lock is closed, then the site has a certificate you can check.

This certificate is proof of the site's identity. When you check the certificate, the name following Issued to should match the site you think you are on. If the name is different, you may be on a spoofed site. When you click the lock icon on a Microsoft.com Web page, you can match the Issued to domain name (www.microsoft.com) to the Web site domain name in the address bar (also www.microsoft.com).

Do the names match The Issued to domain name should match the domain name in the browser address barorder

Do the names match? The Issued to domain name should match the domain name in the browser address bar.

Links in authentic Microsoft security e-mail notifications use secure Web site addresses. This allows you to check the certificate to confirm that you are indeed on Microsoft.com and not on a spoofed site.

Example of a Fake Bulletin

Counterfeit security communications can appear quite convincing, as was the case with the fraudulent e-mail that was used to distribute the Swen worm. Its professional appearance and sincere, helpful tone tricked many users into infecting their own computers.

Fake bulletin. Many users thought this e-mail notice looked good enough to be a real Microsoft message. It wasntorder

Fake bulletin. Many users thought this e-mail notice looked good enough to be a real Microsoft message. It wasn't.

*Anjali* IF-Dazzler
*Anjali*
*Anjali*

Joined: 13 August 2004
Posts: 4673

Posted: 04 January 2005 at 12:19am | IP Logged
Thank u Humm---you're right--some of these warnings look very real so it's important we know how to tell the difference.
nandiinii Senior Member
nandiinii
nandiinii

Joined: 01 November 2004
Posts: 503

Posted: 05 January 2005 at 11:43pm | IP Logged
thanks alot humm 4 the info...and yeah u r absolutely right..
rabeeak2003 IF-Dazzler
rabeeak2003
rabeeak2003

Joined: 26 August 2004
Posts: 3898

Posted: 06 January 2005 at 10:49pm | IP Logged
Thanks Sunny!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  • Page 1 of 1

Go to top

Related Topics

  Topics Author Replies Views Last Post
Microsoft AntiSpyware thinks Firefox is S

Author: cdesai12   Replies: 1   Views: 1029

cdesai12 1 1029 01 March 2005 at 11:09am by HUMM
Microsoft's responsibility for spyware

Author: cdesai12   Replies: 1   Views: 826

cdesai12 1 826 11 February 2005 at 9:34pm by HUMM
*Imp* Prog Attacks Microsoft AntiSpyware

Author: cdesai12   Replies: 1   Views: 760

cdesai12 1 760 10 February 2005 at 7:48pm by HUMM
*Imp* Only 12 Patches From Microsoft

Author: cdesai12   Replies: 1   Views: 816

cdesai12 1 816 10 February 2005 at 7:39pm by HUMM
Microsoft Launches New MSN Search

Author: cdesai12   Replies: 2   Views: 677

cdesai12 2 677 02 February 2005 at 2:26am by SONYA_K

Forum Quick Jump

Forum Category / Channels
Forums

  • Please login to check your Last 10 Topics posted

Disclaimer: All Logos and Pictures of various Channels, Shows, Artistes, Media Houses, Companies, Brands etc. belong to their respective owners, and are used to merely visually identify the Channels, Shows, Companies, Brands, etc. to the viewer. Incase of any issue please contact the webmaster.

Popular Channels :
Star Plus | Zee TV | Sony TV | Colors TV | SAB TV | Life OK

Quick Links :
Top 100 TV Celebrities | Top 100 Bollywood Celebs | About Us | Contact Us | Advertise | Forum Index