Microsoft’s Halo 4 Xbox video game won’t be released until December 2012, but some scammers are already launching fake Halo 4 beta websites designed to trick you into giving away your personal information or installing malicious software.

Don’t be fooled.

Get tips on how to report, recognize, and avoid scams.

We recently received this message from a small business owner:

I am stunned by the number of fake emails I get through my store’s email system, and some of them are quite sophisticated. I get them all the time from “UPS,” the “Better Business Bureau,” and today, “Bank of America.” Most of the time, they encourage me to open an attachment and fill out a form to prevent my account from being closed or to address a customer complaint. But sometimes the language and graphics are really quite professional. How can I protect my business against this kind of fraud?

The messages described here are known as phishing and if a phishing message appears in your email inbox, you can delete it or report it by using the newest versions of Internet Explorer, Hotmail, and Microsoft Office Outlook.  

Use Microsoft tools to report a suspected scam

• Internet Explorer. If you are on a site that seems suspicious, click the gear icon and then point to Safety. Then click Report unsafe website and use the web page that appears to report the website.
• Hotmail. If you receive a suspicious email message that asks you for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
• Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it to [email protected]. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.

You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.

Reduce the number of phishing emails you receive

• Use email software with built-in spam filtering
• Keep your spam and phishing filters current
• Be careful about sharing your email or instant message address

Most of us put a boundary between our personal and professional lives. Online that’s not easy to do.

In the Official Microsoft blog, Brendon Lynch, Microsoft Chief Privacy Officer, writes, “Every piece of personal information that exists online about you -- whether posted by you or by others -- has the potential to impact how you are perceived by family and friends, an employer, a mortgage lender, and more.”

That’s why, on Data Privacy Day 2012, Microsoft is providing information and resources about how you can manage your personal information online.

Top tips to manage your information online

1. Stay vigilant and conduct your own “reputation report” from time to time.
2. Consider separating your professional and personal profiles.
3. Adjust your privacy settings.

 Get the rest of these tips and learn more about how to safeguard your online reputation:

• Data Privacy Day 2012
• Microsoft & Data Privacy Day: Put Your Best Digital Foot Forward
• Your information on the Internet: What you need to know
• Protect your privacy on the Internet
• Take charge of your online reputation

You’d have to be a real early bird to be expecting your income tax return in the United States already. And yet, we’ve begun to see phishing scams that appear to come from [email protected] and offer links where you can check the status of your return.

The message uses language straight from the IRS website and goes something like this:

You filed your tax return and you’re expecting a refund. You have just one question and you want the answer now – Where’s My Refund?

Access this secure Web site to find out if the IRS received your return and whether your refund was processed and sent to you.

To get to your refund status, you’ll need to provide the following information as shown on your return:

Your first and last name
Your Social Security Number (or IRS Individual Taxpayer Identification Number)
Your Credit Card Information (for the successful complete of the process)

This email is a scam. Don’t respond and don’t send them any personal information.

Here are several common scam techniques that this message and others might use:

• Looking like a large organization or company. The text and images in this email were stolen from the IRS website and make the email look legitimate.
• Requests for personal or financial information. The IRS does not ask for personal information like this in email.
• Bad grammar or spelling. The only part of the email that was not copied from the IRS website was the section requesting credit card information. It’s no coincidence that this is also the section with grammatical and spelling errors.

If you receive a message like this, delete it or report it. Learn more about how to recognize, avoid, and report scams like this one.

Ten years ago this week, Bill Gates sent a memo to all Microsoft employees announcing the Trustworthy Computing (TwC) initiative and defining the key aspects of TwC.

 Gates wrote:

 “Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.”

 That announcement and the creation of TwC set the company on a path to help increase security and privacy for all of our computing experiences.

 Learn about the history of TwC and read how Microsoft has reaffirmed its commitment to it for the next decade.  

 More information about Trustworthy Computing

• TwC Next: Marking a Milestone. Continuing Our Commitment
• TwC Next internal memo from Craig Mundie
• At 10-Year Milestone, Microsoft’s Trustworthy Computing Initiative More Important than Ever

You can help protect yourself and your family from identity theft, fraud, viruses, dangerous email, and more, with these ten New Year’s resolutions:

1. Keep all software (including your web browser) current with automatic updating.
2. Install legitimate antivirus and antispyware software, such as Microsoft Security Essentials.
3. Never turn off your firewall.
4. Protect your wireless router with a password.
5. Think before you open attachments or click links in an email message, an instant message (IM), or on a social network, even if you know the sender. Confirm with the sender that the message is legitimate. Learn more about scams.
6. Before you enter sensitive data, look for signs that the webpage is secure—a web address with https and a closed padlock () beside it are good indications.
7. Never give sensitive information (like an account number or password) in response to a request in an email message, IM, or on a social network.
8. Don't respond to pleas for money from "family members," deals that sound too good to be true, lotteries you didn't enter, or other scams.
9. Make your passwords long phrases or sentences that mix capital and lowercase letters, numbers, and symbols. Use different passwords for different sites, especially those that keep financial information.
10. Use our password checker to learn how strong your passwords are.

Cybercriminals use social engineering to prey on our weaknesses. Sometimes they take advantage of our goodwill towards others, like in the “I’ve been mugged scam” I wrote about in a recent blog post. More often they try to trick us with deals that seem too good to be true. 

Cybercriminals can also sneak software (called “ransomware”) onto your computer. This will pop up a window warning that illegal material has been found on your computer, and lock you out of your computer unless you pay a fee. We’ve been reporting on this kind of scam at least as far back as 2008, but the Microsoft Malware Protection Center recently blogged about its resurgence in several languages, including English, Spanish, German, and Dutch.

Get more information about this scam from the Microsoft Malware Protection Center blog.

Did you get a new computer or gaming system for the holidays and you want to get rid of your old one? Make sure you clear all the old files from your old PC before you recycle it. That way, if it falls into the wrong hands, a criminal won’t be able to access your personal information. If you want to transfer some of your old files, you can use Windows Easy Transfer.

Make sure you remove:

• Email contacts and messages
• Your documents
• Your computer’s recycle bin or trash folder
• Your Internet browser’s cache, cookies, and history

Get more information about what to do with your old PC

• 11 ways to recycle an old PC
• Microsoft Refurbisher Program
• Environmental Protection Agency: Where Can I Donate or Recycle My Old Computer and Other Electronic Products?