Internet Hoaxes 101

by Doug Payton

"People say believe half of what you see,
Son, and none of what you hear.
I can't help bein' confused,
if it's true please tell me dear."

– from "I Heard it Through the Grapevine", sung by Marvin Gaye

Those lyrics from a 1968 hit song still apply in the 21st century, and especially now that the Internet and E-mail have turned our planet into a grapevine of epic proportions. No longer does news have to travel one person at a time. We now have distributions lists and web pages and news groups and chat rooms where we can spread the new to dozens or hundreds or even thousands with a click of the mouse or a press of the Enter key.

However, as it is with most tools we use in our daily lives, from coffee makers and microwave ovens to snow shovels, automobiles and laser beams, the Internet can be used usefully or maliciously. "Internet Hoaxes 101" is about how to determine the difference.

 

"People say believe half of what you see, son, and none of what you hear."

There are many hoaxes and urban legends making their way around the Internet, usually via E-mail. Many are simply urban legends that have made the transition from the oral tradition to the electronic one. There are many different sorts; the boy trying to set a record for the most get-well cards received, HIV-infected needles hidden in pay phone change slots, the $250 cookie recipe, the FCC ban on religious broadcasting, the unstoppable, incurable E-mail virus, etc. The latter of those, the E-mail virus, while it never really had an oral tradition, has certainly become the most prolific of hoaxes passed around on the Internet and is what will be covered in more detail here. However, many of the features of a classic E-mail virus hoax are also present in other hoax and legend notices you may get.

For starters, before you forward something on, consider this: If someone were to come up to you on the street and tell you what you just read in your E-mail, would you believe them? Then consider how many times the E-mail you just read had been forwarded from one person to the next to the next, and consider, likewise, that if that person on the street told you he heard it from a friend of a friend of a friend, would you believe the story at all? We should hold E-mail to the same standard.

The thing about the Internet is that the same medium used to perpetuate these hoaxes and legends is the same medium you can use to check out the authenticity of the information you receive through it. In fact, there are many sites devoted solely to the debunking (or, in rare cases, confirming the truthfulness of) E-mails that make the rounds. At the end of this article are listed sites to use on your fact-finding missions.

 

"I can't help bein' confused"

So how do we know when the E-mail we received from our well-meaning friend, colleague or perhaps stranger is legitimate? In the case of E-mail virus warnings (and again, some of these apply to hoaxes in general), here are some of the warning signs:

· "Yesterday…"

In order to keep the hoax alive, it must be eternally timely. This is done by either not mentioning a date at all, or referring to "yesterday" or "last week" without mentioning the date the E-mail was written. Thus the message is as urgent now as it was 3 years ago.

· "…AOL said…"

You can replace "AOL" with any large organization (IBM, FCC, Microsoft, or even news organizations like CNN). This lends credence to the warning, since why would AOL, et. al. lie about something so serious? The thing is, unless those huge computers have sprouted vocal chords, "AOL" can’t say anything. People from AOL could, but then typically the hoax warning doesn’t mention names, just faceless companies. There have been some that say "Bill Gates said…", but then if Mr. Gates made this announcement himself, you’d think the major news media would be covering it extensively. If they didn’t, he probably didn’t.

And the FCC never sends out virus warnings. Not their job. In fact, the first places you’ll hear new virus warnings come from are virus-detection software manufacturers McAfee or Symantec because it’s good for business. Even then, don’t let name-dropping get you.

· "DON’T OPEN IT. IT WILL DESTROY YOUR FILES"

First off, ALL CAPS is a dead giveaway for someone trying to give a false sense of urgency by appearing to be YELLING AT YOU! If it looks like it was typed in on a circa 1975 teletype machine, chuck it.

Secondly, given the many different types of computers out there receiving E-mail (they aren’t all Windows PC’s, you know), there’s no chance that a single virus program can work on all computer types, as well as on the even wider field of potential E-mail reader programs.

Thirdly, virtually all actual E-mail-sent viruses are contained in a file attached to the E-mail, and the only way to spread the virus is to open the E-mail and run the attached program. The simple act of receiving or opening the E-mail does nothing.

(The use of the phrase "virtually all" is because there was one rare E-mail virus that could be executed just by reading the E-mail, but the circumstances required for that to happen were rather unique, and the weakness has been since corrected by E-mail program authors. Technically, you had to have an E-mail program that could display HTML, and the program had to also be able to execute JavaScript, and you had to have a preview window opened, such that if you clicked on the E-mail subject in one window the E-mail itself loaded in the HTML/Java preview pane automatically, thus executing the offending Javascript. Convoluted? Yes. Fixed? Yes. It’s the lone exception to the "file attachment" rule, but you won’t be seeing it.)

· "There is no known anti-virus program for this"

…and there won’t be for at least an hour, but after that the virus-detection software guys will have an update ready for you on their website. If there actually was a virus that took these guys longer than a day to come up with a fix, that would be news and you’d be hearing it on TV and radio, not from an E-mail with no date on it.

· "SEND THIS TO EVERYONE YOU KNOW"

Ah, the smoking gun of just about every hoax there is. Obviously you don’t really understand how important this information is, and must actually be told to forward it on to others. If a warning or story comes with this on it, don’t.

Often I’ll see a hoax passed on with a comment by the person who forwarded it that says, "Can’t hurt to pass this along", or, "It might be a hoax, but better to be safe than sorry", or words to that effect. But let’s think about that. A virus spreads by replicating itself and spreading to other programs on your computer, or, for E-mail viruses, by sending copies of itself to others, clogging up E-mail systems worldwide and spreading itself from there. While the hoax message you get doesn’t destroy any of your files, the sheer volume of forwarded and re-forwarded messages about alleged free trips to Disney World or "something hilarious will pop up on your screen if you forward this to 15 people" does it’s own version of clogging up E-mail systems from all over. In essence, urban legend and hoax messages are themselves a form of E-mail virus! It’s not spread by any effort of clever programming, it simply declares itself to be important, and lets humans put out the effort to spread it.

Now, my family and friends will tell you that I have, on occasion, sent out virus warnings. How do they know I’m not passing along yet another E-mail hoax? It’s actually quite easy. I tell them where I got the information, the date I got it, and since it’s generally a news story from a web page it has the name of the reporter as well as named sources throughout.

 

"If it's true please tell me dear."

So where do you go to check out these myths? There are boatloads of places to look.

For virus information:

McAfee - http://www.mcafee.com
Symantec (Norton Antivirus) - http://www.symantec.com/avcenter/index.html

For E-mail virus hoax information:

http://www.datafellows.com/news/hoax.htm
http://www.orn.usace.army.mil/WebRes/virus.html
http://spcug.org/hoax.htm
http://www.stiller.com/hoaxes.htm
http://www.stiller.com/top5.htm
http://www.tivoli.com/products/index/secureway_firstsecure/symantec_norton_av.html
http://www.nai.com/services/support/hoax/hoax.asp
http://www.acs.uwosh.edu/documentation/virus/
http://sassman.net/virus/
http://vil.mcafee.com/hoax.asp
Fraud - Hoax Messages
Fraud Prevention, Information and News about Fraud Online

 

For urban legend information (including an E-mail virus hoax section):

http://www.snopes.com/ (they have a good search engine to help you find information on a particular E-mail you may have received or story you may have heard)

Return to "Consider This!"