MedEd Division of Medical Education
Educational Computing

Understanding E-Mail Hoaxes

What is an E-Mail Hoax?
Have you ever received an e-mail message that includes something like the following:

  • A warning of a new virus that you should send on to everyone you know.
  • A warning of a scam that you should send on to everyone you know.
  • A petition to help the needy or some cause that wants you to foward it on to those who might be interested.
  • A get-rich-quick scheme that claims if you forward on the message you'll receive money for each time it's forwarded.
  • A claim that for each email sent someone in need will be helped by another organization.

These five scenarios account for almost all the e-mail hoaxes you will see.  Before you consider forwarding any email that asks you to forward it to anyone else you should be able to do the following:

 

In general it is considered very bad form to forward a message on to a large number of people. Many Internet Service Providers will go so far as to remove your account if you do this, even if you believe it is for a good cause. Any e-mail that is from an organization trying to effect a change should refer to a specific URL where you can go to sign a petition or to make your voice heard. The problem with the Internet is that even if the request is legitimate the message is likely to circulate for months, if not years, after the messages intended date has passed.


How to Tell if a Message is a Hoax?
Below is a message about a supposed screen saver that will wipe out your hard drive and "steal your password." You can read about this email hoax at http://www.symantec.com/avcenter/venc/data/buddylst.zip.html External Site / New Window. Read after the message for some tips on how you can tell this is obviously a hoax.

Subject: [Fwd: Beware of the Budweiser virus--really!]

This information came from Microsoft yesterday morning. Please pass it on to anyone you know who has access to the Internet. You may receive an apparently harmless Budweiser Screensaver, If you do, DO NOT OPEN IT UNDER ANY CIRCUMSTANCES, but delete it immediately. Once opened, you will lose EVERYTHING on your PC. Your hard disk will be completely destroyed and the person who sent you the message will have access to your name and password via the Internet. As far as we know, the virus was circulated yesterday morning. It's a new virus, and extremely dangerous. Please copy this information and e-mail it to everyone in your address book. We need to do all we can to block his virus. AOL has confirmed how dangerous it is, and there is no anti-virus program as yet which is capable of destroying it. Please take all the necessary precautions, and pass this information on to your friends, acquaintances and work colleagues.

End of message.

EMAILCHIEF


First, take look at the following text:

"This information came from Microsoft yesterday morning."

The words "yesterday morning" are quite a clue. When was yesterday morning? Obviously not yesterday. What about Microsoft? If they are making some sort of announcement where is the web site address with this announcement? Why would Microsoft make an announcement about some random virus that has nothing to do with their company?

Please pass it on to anyone you know who has access to the Internet.

Anything that asks you to "pass it on to anyone you know who has access to the Internet" is a big flag. Any official group (Microsoft, AOL, etc.) are the last ones to ask you to forward e-mail to everyone you know. This goes against standard Internet policies and good etiquette. It just clogs up disks, networks and wastes everyone's time.

"AOL has confirmed how dangerous it is..."

If AOL had confirmed anything they would certainly have a URL with this statement. Furthermore, what does AOL have to do with this? Finally, AOL is not an official virus reporting agency. You want to see things like CERT, Symantec (they make Norton Anti-Virus), McAfee, F-PROT (they make F-PROT F-Secure), etc.

The following statement is a big sign:

"...and there is no anti-virus program as yet which is capable of destroying it."

By the time the message gets to anyone, if the virus was for real, all the major anti-virus programs would already have a check for this. Generally it takes just one or two days for a big company like Symantec, McAfee, or F-PROT to come up with a check for such a virus.

Finally, we have this:

"...the person who sent you the message will have access to your name and password via the Internet."

What password? What do they mean by "via the Internet"? If you do store any of your passwords on your machine (e.g. dialup, in Eudora, etc.) it's encrypted. Furthermore, suppose it's some super virus and it can decrypt your passwords in certain circumstances, then what? Is it going to mail the password back to its creator? Now the FBI can track them down easily and arrest them? None of this makes much sense. Many e-mail hoaxes make statements such as this.

Finally, if you've read through this and you are still unsure if a message you have received is fake or outdated you can use the following resources to help you figure this out.


Where to Check if a Message is a Hoax
You should note that many of these email Hoax pages do not list all hoaxes nor do they list many of the petitions that are sent around the Internet. For instance, the petition for congress to fund National Public Radio has been circulating for several years. This action already took place and the petition is now just an embarrassment to NPR and creates bad publicity for them. Before you consider forwarding on a petition for any cause be absolutely sure that the petition is current, that the cause is actually currently asking for this help, and how about not forwarding on the petition but going to their web site and seeing if you can't sign one on-line. Any organization with any technical savvy will avoid sending out e-mail petitions and instead ask that people go to their web site to help out.

At the University of Oregon if you forward a petition on to a large number of people you are most likely going to annoy many of them, and you may lose your account. Do not include a large number of e-mail addresses in the "from:" field... ever! If just one person responds to you they will respond to the entire list! We have seen this create thousands of angry e-mail messages in a matter of hours. Just don't do it!


Now, to see if a message is a hoax you can try out the following sites:

Symantec's Anti-Virus Research Center Virus Hoax Page
http://www.symantec.com/avcenter/hoax.html External Site / New Window

Note: Symantec makes Norton Anti-Virus. For those with McAfee, while the product is decent, their web site does not compare. Still, they do have a smaller hoax page at http://vil.mcafee.com/hoax.asp External Site / New Window.

A Big List of Hoax Sites from Yahoo
http://search.yahoo.com/bin/search?p=virus+hoax External Site / New Window

CERT's Official Virus Resources Page
http://www.cert.org/other_sources/viruses.html#II External Site / New Window

About.com's Urban Legends and Virus Hoax Pages

http://urbanlegends.about.com External Site / New Window


If you are ever in doubt just keep these URLs in your favorites list and check out the sites to see if they've got the hoax listed. Even if they don't, if you follow some of the rules above, you can almost always spot a scam, old petition, or a email hoax a mile away.

Developed by the UCSD School of Medicine, Office of Educational Computing
Copyright 2009, University of California, San Diego
All rights reserved
Webmaster |