Fw: Bill 602

kelley kwalker2 at gte.net
Sun Jul 2 14:56:52 PDT 2000



>Greetings LBO'sters. IS this for real?

no


>Would certainly cool Capitalism's
>frenzied embrace of the Socially hatched Internet, eh?

dream on


>smooches, paula

smooches to you too, love. http://www.snopes.com/inboxer/pending/email.htm

THE HOAX IS ON YOU

At one time or another all of us have encountered an Internet hoax. Frantic warnings about organs being snatched from the bodies of sleeping salesmen. Hyperbolic raves maintaining that Microsoft will pay you for every e-mail message you forward. One favorite leitmotif is a tragic story designed to elicit e-mail petition "signatures" which are then sent to an address at increments of 50 signatures. Then there are the ubiquitous warnings about a circulating virus that will destroy everything on your hard drive.

Innocuous pranks, right?

Wrong.

By way of illustration, consider one of the most infamous of hoaxes which actually made headlines. An April Fool's day scam during Operation Desert Storm claimed that a virus had been introduced into printers sent to Iraq. The virus, the e-mail gravely warned, was designed to infect the CPU because it was capable of traversing the parallel cable. Sadly, this hoax was taken seriously and reported in prominent news magazines like U.S. News & World Report.

Most Internet hoaxes, though, are annoyances that waste bandwidth and time. However, some damage the reputations of organizations and others are purposeful, often malicious, pranks played on individuals to make their lives miserable. One circulating recurrently over the past two years is a plea to help women in Afghanistan, entitled "The Taliban's War on Women." Readers were asked to sign the petition with their name and location, passing the entire petition and the collected "signatures" therein to a designated e-mail address at increments of 50 signatures.

The problem, of course, was that the e-mail account on the petition was inundated with queries, attacks, praise, as well as the petitions. The account is now shut down and, if you go to the university site, home of the e-mail account, and search for the original e-mail address, you will find a brief explanation and an admonishment to learn more about chain letters and Internet hoaxes

<...>

So, what exactly should we do when a well-meaning friend or colleague passes on these frantic warnings or pleas for? A gentle but forceful explanation of 1] how to spot a hoax and 2] why they cause damage and pose security threats is in order.

How to spot a hoax:

First and foremost, unauthorized mass mailings and chain letters are illegal. Second, with regard to security concerns, Internet hoaxes clog e-mail communications, jam servers, and waste time. Most importantly, we want to avoid spreading hoaxes, particularly bogus virus warnings. When you encounter, day in and day out, hyperbolic "the sky is falling" e-mails warning of a virus that will change life as you know it forever and ever and ever, then you become desensitized to serious warnings. You start to think all virus warnings are just another piece of junk mail to be transported quickly and efficiently to your trash folder.

<...>

Look for the following signs of a hoax:

1. Liberal use of uppercase (capital) letters and exclamation points.

These tactics are designed to get attention. As most of us know, the use of uppercase usually signals that the person is speaking loudly or shouting. However, serious alerts from the security community never use capitalization in this manner.

2. The letter does not include an origination or expiration date.

The lack of a date is, perhaps, the most telltale sign of all. When an e-mail requests that you forward the information therein to other users, without a date assigned as a stopping point for a petition or request, it is liable to circle the ether forever. This is exactly what happened with the infamous "Craig Shergold chain mail": it has been haunting the Internet since 1989! Indeed, a couple thousand e-mail messages regarding "Craig" are sent out each day, over a decade later.

3. If there are references to official sources, these are incomplete and do not include a URL to learn more about the concerns raised in the letter.

Since the Internet is well-known as a veritable incubator for the spread of rumor and gossip, those who want to ensure their message is taken seriously do all they can to document their claims with URLs. They also direct readers to "real life" phone numbers and land mail addresses where more queries can be directed.

One of the more damaging effects of these hoaxes is the harm done to the reputations of real organizations that do try to help people. Take the "Craig Shergold Hoax", again. Craig Shergold was a real 9-year-old boy with a brain tumor. But, the Make-a-Wish Foundation never helped Craig Shergold achieve his wish.

The hoax letter maintaining that the Foundation was involved was an outright lie. The letter continues to circulate a decade later and the Make-A-Wish Foundation has spent a significant amount of money dealing with misdirected e-mail, correcting misconceptions about the organization, and educating Internet users about the nature of hoaxes and Internet technology.

In 1996, the Foundation actually had to set up a special telephone line and web page pleading with people to stop circulating the bogus e-mail request.

4. The letter begins and/or ends with a request to circulate widely and send to "everyone you know." Again, official warnings never request such behavior from a reader of the alert.

What to do if you think it might be a hoax

Never circulate an unusual e-mail message if you have any doubts. Secure computing practice dictates that you avoid sending unwarranted e-mails whenever possible. Moreover, using your work account could jeopardize SIAC. For one, circulating useless mail is a poor reflection on SIAC, particularly our reputation as an information security savvy community.

You could risk retaliation from recipients who are annoyed by the waste of their time. In more extreme cases your SIAC work account could be mail bombed with large quantities of 'junk' e-mail and attachments. An annoyed recipient might also go the official route and complain to a SIAC administrator.

In order to help educate the sender and other recipients of the suspicious e-mail, you might then spend a little time finding out whether it is a hoax or not. Most of them are. If you find that it is a hoax, then a helpful e-mail containing pointers like the above as well as links to resources for more information is appropriate. Some resources you might want to bookmark for future reference:

An excellent resource devoted to debunking Internet hoaxes can be found at: http://www.kumite.com/myths/

The Information Security community also tracks hoaxes.

· See the Department of Energy's Computer Incident Advisory Capability (CIAC) at: http://ciac.llnl.gov/ciac/CIACHoaxes.html
· See the security network, ICSA.net anti-virus hoax pages devoted to combating false virus warnings: http://www.icsa.net/html/communities/antivirus/hoaxes/

Practical guides to hoaxes, pranks, myths and legends include:

· The AFU and urban legends archive at http://www.urbanlegends.com/
· The site on urban myths at http://www.urbanmyths.com/
· The San Fernando Valley's Folklore Society's Urban Legends Reference Site at http://www.snopes.com

Commercial anti-virus software makers also host sites devoted to combating virus hoaxes:

· Symantec Anti Virus Research Center at http://www.symantec.com/avcenter/index.html
· McAfee Associates Virus Hoax List at http://www.mcafee.com/support/hoax.html
· Dr. Solomon's Hoax Page at http://www.drsolomons.com/vircen/hoax.html
· Datafellows Hoax Warnings at http://www.Europe.Datafellows.com/news/hoax.htm
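
The four signs listed in the article above, turned into a rough triage check for a mail filter or help-desk script. This is an added example, not part of the original message; the thresholds, cue-word lists and both sample messages are constructed assumptions.

```python
import re

# Sign 4 phrasing (assumed; the article itself only quotes "everyone you know").
FORWARD_RE = re.compile(
    r"(send|forward|pass)\s+(this|it)\b.{0,40}\b(everyone|everybody|all)\b"
    r"|everyone you know|circulate widely", re.I | re.S)
# Sign 2: any numeric date, four-digit year, or "Month day" counts as a date.
DATE_RE = re.compile(
    r"\b\d{1,2}[/-]\d{1,2}[/-]\d{2,4}\b|\b(19|20)\d{2}\b"
    r"|\b(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\.?\s+\d{1,2}\b",
    re.I)
URL_RE = re.compile(r"\b(?:https?|ftp)://\S+", re.I)
# Sign 3 applies only when the text leans on an authority (assumed cue words).
AUTHORITY_RE = re.compile(
    r"\b(official|announced|confirmed|according to|warned)\b", re.I)

def hoax_signs(body, shout_ratio=0.3, bangs_per_100_words=2.0):
    """Return which of the article's four signs appear in a message body."""
    words = re.findall(r"[A-Za-z]{3,}", body)
    signs = []
    if words:
        shouted = sum(w.isupper() for w in words) / len(words)
        bangs = body.count("!") * 100 / len(words)
        if shouted >= shout_ratio or bangs >= bangs_per_100_words:
            signs.append("shouting")               # sign 1
    if not DATE_RE.search(body):
        signs.append("no_date")                    # sign 2
    if AUTHORITY_RE.search(body) and not URL_RE.search(body):
        signs.append("unsourced_authority")        # sign 3
    if FORWARD_RE.search(body):
        signs.append("forward_request")            # sign 4
    return signs

# Constructed sample messages (not real mail).
HOAX = ("WARNING!!! A NEW VIRUS will ERASE your hard drive!!! A major software "
        "company has confirmed this is the WORST virus ever. "
        "Forward this to everyone you know!!!")
ADVISORY = ("Advisory issued July 2, 2000. The vendor confirmed a macro virus "
            "affecting version 1.0 of the editor. Details and the fix: "
            "http://advisories.example.org/2000-07. "
            "This notice expires August 1, 2000.")

if __name__ == "__main__":
    for name, text in (("hoax", HOAX), ("advisory", ADVISORY)):
        print(name, hoax_signs(text))
```

A message that trips several signs is a candidate for checking against the hoax references listed above before anyone forwards it; a single sign on its own is weak evidence.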


