If you have had an email that warns you about an unlikely-sounding new virus, offers you a free mobile phone, or asks you to update your bank account details, you have been the victim of a hoax. Hoax mail can interrupt work, overload mail systems, or even trick you into giving personal credentials and passwords to criminals.
|
|
|
|
|
 |
Virus hoaxes |
|
|
Why virus hoaxes matter |
|
|
Can hoaxes inspire viruses? |
|
|
Page-jacking |
|
|
Mouse-trapping |
|
|
Phishing |
|
|
Chain letters |
|
|
Are chain letters really a problem? |
|
|
How to avoid hoaxes? |
|
|
|
|
|
|
|
|
|
|
|
Virus hoaxes |
|
|
Virus hoaxes are reports of non-existent viruses. Usually they are emails which do some or all of the following: |
|
|
|
|
|
Warn you that there is an undetectable, highly destructive new virus. |
|
|
Ask you to avoid reading emails with a particular subject line, e.g. Join the Crew or Budweiser Frogs. |
|
|
Claim that the warning was issued by a major software company, internet provider or government agency, e.g. IBM, Microsoft, AOL or the FCC. |
|
|
Claim that a new virus can do something improbable, e.g. The A moment of silence hoax says that “no program needs to be exchanged for a new computer to be infected”. |
|
|
Use techno-babble to describe virus effects, e.g. Good Times says that the virus can put the PC's processor into “an nth-complexity infinite binary loop”. |
|
|
Urge you to forward the warning. |
|
|
|
|
|
Hoax or not?: On April 1, 2000 an email headed Rush-Killer virus alert began circulating. It warned of viruses that dial 911 (the US emergency number), and urged you to forward the warning. The email had the hallmarks of a hoax, but the virus was real. It's difficult to tell a hoax from a real warning; follow the advice in the “ How to avoid hoaxes? ” section. |
|
|
Top |
|
|
Why virus hoaxes matter |
|
|
Hoaxes can be as disruptive and costly as a genuine virus. |
|
|
If users do forward a hoax warning to all their friends and colleagues, there can be a deluge of email. This can overload mail servers and make them crash. The effect is the same as that of the real Sobig virus, but the hoaxer hasn't even had to write any computer code.
It isn't just end-users who overreact. Companies who receive hoaxes often take drastic action, such as closing down a mail server or shutting down their network. This cripples communications more effectively than many real viruses, preventing access to email that may be really important.
False warnings also distract from efforts to deal with real virus threats.
Hoaxes can be remarkably persistent too. Since hoaxes aren't viruses, your anti-virus software can't detect or disable them. |
|
|
Top |
|
|
Can hoaxes inspire viruses? |
|
|
A hoax can inspire a real virus threat, or vice versa.After the Good Times hoax made headlines, some virus writers waited until it had been debunked and then wrote a real virus with the same name (some anti-virus firms call it GT-Spoof). |
|
|
Top |
|
|
Page-jacking |
|
|
Page-jacking is the use of replicas of reputable webpages to catch users and redirect them to other websites. |
|
|
Page-jackers copy pages from an established website and put them on a new site that appears to be legitimate. They register this new site with major search engines, so that users doing a search find and follow links to it. When the user arrives at the website, they are automatically redirected to a different site that displays advertising or offers of different services. |
|
|
Page-jacking annoys users and can bogus website, you may find confront them with offensive material. It also reduces revenue for legitimate websites, and makes search engines less useful. |
|
|
In some cases, page-jacking can be used for “ phishing ” . |
|
|
You cannot be affected by page-jacking if you use a bookmark or "favourite”, or type the website address (the URL) in directly. |
|
|
Top |
|
|
Mouse-trapping |
|
|
If you are redirected to a bogus website, you may find that you cannot quit with the back or close buttons. This is called mouse-trapping. To escape, type an address in the “Address” field, use a bookmark, or open the list of recently-visited addresses and select the next-to-last. To regain use of the back or close buttons, close the browser or restart the computer. |
|
|
Top |
|
|
Phishing |
|
|
Phishing is the use of bogus emails and websites to trick you into supplying confidential or personal information. |
|
|
Typically, you receive an email that appears to come from a reputable organisation, such as a bank. The email includes what appears to be a link to the organisation's website. However, if you follow the link, you are connected to a replica of the website. Any details you enter, such as account numbers, PINs or passwords, can be stolen and used by the hackers who created the bogus site. |
|
|
You should always be wary about following links sent to you in emails. Instead, enter the website address in the “Address” field, or use a bookmark or a “favourite” link, to make sure that you are connecting to the genuine site. Anti-spam software will also help to block phishing email. |
|
|
Top |
|
|
Chain letters |
|
|
An electronic chain letter is an email that urges you to forward copies to other people. |
|
|
The main types of chain letter are: |
|
|
|
|
|
Hoaxes: Chain letters have warned of terrorist attacks, scams involving premium-rate phone lines, and thefts from ATMs. All were either deliberate hoaxes or urban myths. |
|
|
|
|
|
Fake freebies: Some letters falsely claim that companies are offering free flights, free mobile phones, or cash rewards if you forward email. |
|
|
|
|
|
Petitions: These are usually petitions against proposed legislation. Even if genuine, they continue to circulate long after their expiry date. |
|
|
|
|
|
Jokes and pranks: The “Internet cleaning” letter claimed that the internet would be closed for maintenance on 1 April. |
|
|
Top |
|
|
Are chain letters really a problem? |
|
|
Chain letters don't threaten your security, but they can: |
|
|
|
|
|
Waste time and distract users from genuine email. |
|
|
Create unnecessary email traffic and slow down mail servers. |
|
|
Spread misinformation. |
|
|
Encourage people to send email to certain addresses, so that these are deluged with unsolicited mail. |
|
|
Top |
|
|
How to avoid hoaxes? |
|
|
|
|
|
Have a company policy on virus warnings |
|
|
Set up a company policy on virus warnings, for example: “Do not forward any virus warnings of any kind to ANYONE other than the person responsible for anti-virus issues. It doesn't matter if the virus warnings come from an anti-virus vendor or have been confirmed by a large computer company or your best friend. ALL virus warnings should be sent to name of responsible person only. It is their job to notify everybody of virus warnings. A virus warning which comes from any other source should be ignored.” |
|
|
|
|
|
Keep yourself updated about hoaxes |
|
|
Keep yourself updated about hoaxes information from the sources available sources on the internet. |
|
|
|
|
|
Don't forward chain mail |
|
|
Don't forward chain mail, even if it offers you rewards for doing so, or claims to be distributing useful information. |
|
|
|
|
|
Don't trust links in unsolicited email |
|
|
If you want to visit your bank's website, or any site where you enter passwords or confidential information, don't follow links in unsolicited email or newsgroups. Enter the address yourself, or use a bookmark or “favourites” link. |
