How To... Determine if a Microsoft Security message is Genuine
If you get a message that appears to be from Microsoft and claims that a new vulnerability has been released and that you must install a particular patch right away to protect yourself, how do you tell if that message is legitimate or simply another spam, phishing or malware attack?
Microsoft gives guidance on this subject at these two links. We highly recommend that you become familiar with these details so that you do not fall prey to this sort of malicious activity.
As for how to tell if a Microsoft alert is genuine, these two web pages provide good information:
A few ways to tell...
Please read the full details in the above links, but we will go over a few important indicators here as well.
Deceptive links
The biggest red flag that a message is likely malicious is a deceptive link: a discrepancy between the link that is shown and the real destination URL.
As you may or may not know, it is very easy to make a link display one thing but take you to a totally different place. For example, here is a link that says Yahoo, but it will really take you to Google. Web browsers and email clients give you a way to see the real destination of a link, however, and you can use that feature to test a link to see if it is deceptive.
If you hover your mouse pointer over the above link, you will see google in the lower-left corner of your web browser.
The same thing works in an email client. In Outlook, hover your mouse pointer over the link and wait 2 seconds, and the real URL will appear in a floating box.
For example, a link in an email may claim to be going to microsoft.com while it is really taking you to myip.org.
Rule #1 - If you ever see a link that claims to be to one place, but is really to another, be VERY suspicious of the email. It is likely malicious.
Obvious grammatical or spelling errors
This is another important indicator. Email messages that claim to be from a business and yet contain errors in grammar, word usage, spelling or punctuation should raise a red flag. Most businesses have several layers of review before a message is approved for release to the public. Obvious errors will typically be caught and removed during this process.
Details about Microsoft alerts
The above steps can be used to evaluate any incoming message. These are a few items that are specific to Microsoft messages:
- Microsoft alerts will not contain attachments
- Microsoft alerts will serve any required downloads from a microsoft.com web address. This means that the real URL, the one you see when you hover your mouse, will be microsoft.com
- Legitimate notifications are also on Microsoft.com
Microsoft never sends notices about security updates or incidents until after they publish information about them on their Web site. Check the Security site on Microsoft.com to see whether the information is listed there.
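As an added example (not from Microsoft or from the original page), the following Python code applies Rule #1 and the microsoft.com download check above to every link in an HTML message body. The function names, the result fields and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Finds a host name written in the visible link text (a leading "www." is ignored).
HOST_IN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def host_within(host, domain):
    """True if host is domain or one of its subdomains (match on a label boundary)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html, trusted="microsoft.com"):
    """Return one finding per link: real host, Rule #1 result, trusted-domain result."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        real = (urlsplit(href).hostname or "").lower()
        shown = HOST_IN_TEXT.search(text)
        # Rule #1: the text names a host, but the real destination is somewhere else.
        deceptive = bool(shown) and not host_within(real, shown.group(1).lower())
        findings.append({"text": text, "real_host": real, "deceptive": deceptive,
                         "on_trusted_domain": host_within(real, trusted)})
    return findings

# Constructed sample message body (not taken from a real email).
SAMPLE = """<p>Install now: <a href="http://myip.org/">http://www.microsoft.com/security</a></p>
<p><a href="https://www.microsoft.com/security">Microsoft Security</a></p>
<p><a href="http://microsoft.com.updates.example/patch">Download the patch</a></p>"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE):
        print(finding)
```

Link text that shows only a name, with no host in it, gives Rule #1 nothing to compare, so for those links read the `real_host` and `on_trusted_domain` fields. The third sample link shows why the trusted-domain check matches on a label boundary: its host merely starts with microsoft.com.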