Security

Hoaxes

 

What is a Hoax?

    Hoaxes are warnings that contain incorrect information about malware or system events. These warnings often describe fantastical or impossible malware program characteristics that often fool the user into performing unwanted actions on their system or suggests that users should forward the warning to other users. A hoax can be considered a nuisance by the mere fact that by forwarding it causes a waste of time and bandwidth.
    Like Propaganda, Hoaxes use "Social Engineering", or exploiting the weaknesses of human nature, to manipulate (con) people into performing a desired action. Hoaxes are similar to chain letters, except that hoaxes use fear or concern for others; chain letters use greed. Although the emotions used to motivate victims are different, the goal is the same: to have everyone who receives the message forward it to everyone they know.
    The reasons for starting Hoax messages are as varied as the individuals authoring them. For some Hoax authors, it is a form of digital graffiti. Some do it as a prank. Other, anti-social types may just want to harass others. Spammers start them to collect all the confirmed (!) email addresses that snowball as the message is forwarded.

 

The Risk and Cost of Hoaxes

    Potential Effects of Forwarding Email to Everyone You Know

    The example below demonstrates the potential problems of forwarding fake email warnings.

    In this example the hoax author started off the avalanche by sending out his hoax email message to 300 people, and requested that they forward it to everyone they know. If each person who received the email passed it along to only 5 other people, that would be 1,500 "second-generation" e-mails sent on the first day. Each subsequent level of the pyramid below represents the email sent each day if only 5 of the people who received the hoax message forwarded it to only 5 other people. Obviously, these are very conservative estimates.

    300
    1,500
    7,500
     37,500
     187,500
     937,500
     4,687,500
     23,437,500
    117,187,500
    585,937,500
     2,929,687,500
    14,648,437,500
    73,242,187,500
    366,210,937,500
    1,831,054,687,500
    9,155,273,437,500

    If each email cycle took 1 day, in 17 days there would be more than one email message sent for every man, woman and child in the known universe. This would bring the Internet to its knees.

    Next, let's examine the time wasted on this theoretical hoax message. Let's be conservative again, and assume each person who receives the message spends one minute reading and forwarding it.

      9,155,273,437,500 emails @ 1 minute each = 9,155,273,437,500 minutes
      divided by 60 minutes per hour = 152,587,890,625 hours
      divided by 24 hours per day = 6,357,828,776 days
      divided by 365 days per year = 17,418,709 years

    Read it again: 17 million years! In 17 days! That's alot of wasted time (and money)!

    That's why it is absolutely necessary to scrutinize any "pass this along to all your friends" type of message before forwarding it. Not to mention how silly you'll feel, and the credibility you'll lose, when all the people you forwarded the message to realize it's bogus, and that you wasted their time, and caused them look foolish too.

 

Recommended Reading

 

Identification - How to Recognize a Hoax

    1. Receiving an e-mail message that has been previously forwarded, particularly forwarded more than once, is a prime characteristic of a hoax.

    2. The first thing you should notice is the request to "send this to everyone you know" or similar wording. This should raise a red flag that the warning is probably a hoax. No real warning message from a credible source will tell you to send this to everyone you know.

    3. Next you should consider if the message contains hyperbole (exaggeration) about the damage that will be inflicted, and the message's frantic tone of sense of panic. Often, this will be reflected in the grammar used in the message:

      • Many exclamation marks in the text of the message or in the subject line.
      • Use of all UPPER-CASE letters.
      • Excessive use of boldface or italics.
      • Use of larger than normal-size letters in the message.

      The use of hyperbole or a frantic style is symptomatic of a hoax, because scientists, engineers, and professional technical writers use neither hyperbole nor frantic style.

    4. Does the message contain a lot of technical details or jargon? Technical details are used to give the message credibility, but they are not proof that the author is either correct or sincere. Putting long, detailed instructions into an e-mail is a symptom of a hoax, as it would be more practical, and useful, to refer the reader to an appropriate vendor's website.

      In contrast, a useful warning would either:

      • advise you to update your anti-virus software to protect yourself from the new threat that is mentioned in the message.
      • contain a link to a major software vendor's website and ask that you follow the current instructions there.

    5. Does the message contain an Appeal to Authority? Hoaxes often mention the name of a major corporation or a government agency that allegedly originally issued or endorsed the message. A key feature of a hoax is the lack of a link to the relevant page on that organization's website. that would allow the reader to confirm the information.

      Conversely, warnings without the name of the person sending the original notice, or warnings with names, addresses, and phone numbers that do not actually exist are probably hoaxes.


    Refer to CIAC's HOAX website to find out more about How to Recognize a Hoax.

 

Proper Response to a Possible Hoax

    When in Doubt, Don't Send It Out!

    Hoaxes are harmful:

    • they waste people's time, particular time of computer technicians and anti-virus software developers who respond to bogus incidents,
    • they spread anxiety and panic needlessly,
    • they add to junk e-mail (commonly called "spam") that already clogs the Internet,
    • some hoaxes instruct people to delete a file used by their computer's operating system,
    • a few hoaxes contain a malicious program (e.g., Trojan Horse or worm) as an attachment, and
    • forwarding a hoax makes you look like an idiot.

    Validate the warning:

    1. Before you forward a potential hoax, check one or more authoritative sources to determine if the warning has already been declared a hoax.

    2. Warnings about new malicious code are also available at antivirus and software vendors' sites. Check the website of the company that produces the product that is supposed to contain the virus.

    3. If you work in a major corporation, forward the message to the computer department and let them decide whether to warn other users.

    4. Finally, if you are not technically capable of evaluating the technical content of a message warning about a new computer virus, then it is not your job to warn others about this alleged new virus.

 

Verification Resources

 

Other Types of Hoaxes

    Up to this point the focus has been virus hoaxes, but there are other types of hoax emails as well. The different types of hoaxes are described on MCSEworld's hoax webpage, which includes other useful information.

    ABOUT.com's website provides hoax good information, but many of ABOUT.com's web pages spawn pop-ups. But one interesting "tear-jerker" hoax is an absolute must-read:

    There are, unfortunately, many other hoaxes of this type, as illustrated here:

    Use a web browser that blocks pop-ups when viewing articles on ABOUT.com's website (or tolerate them), since they have several other good articles about hoaxes:

 

Copyright © 2003 Scientis       Privacy Policy       Terms, Conditions, & Notices