Hoaxes and Spam

What are Hoaxes?

Not to be confused with phishing emails, hoaxes do not fraudulently try to get you to release private information, rather they usually want you to forward the message (usually to everyone you know). Similar to chain letters, hoaxes appeal to several different types of social engineering. The main one being people's desire to help others. Often hoaxes pertain to a new unknown "virus".

Risks of Hoaxes

Aside from an annoyance, hoax emails can lead to mass mailouts and slow mail servers. A few hoaxes also instruct people to delete otherwise legitimate system files from their computer.

After repeatedly becoming fooled into believing a virus warning is merely a hoax, computer users might ignore all virus warning messages, leaving them susceptible to attack. This is especially dangerous when the virus assumes the identity of a previous hoax virus.

Also spammers have been recently known to deliberately start hoaxes in order to collect email addresses.

Recognizing Hoaxes

There are several tell-tale signs that an email is a hoax:

• The email requests that you pass it on to everyone you know.
• There is a plausible, but unsupported, claim.
• The use of technical language.
• Credibility by association.
• A sense of urgency.

Chain letters and most hoaxes also possess a similar pattern of a hook, a threat and a request. The hook is to catch your interest so you read the rest of the letter. This is usually done through fear towards the state of your computer or sympathy towards someone less fortunate. The threat often contains official sounding language to lend itself credit and plays on fear, greed or sympathy to get you to pass the letter on. The request is usually that you further distribute the letter however it can sometimes ask that you contribute money.

Legitimate warnings always contain complete contact information from the original sender and will often be signed with a cryptographic signature (like a PGP) to confirm its authenticity.

Dealing with Hoaxes

Never forward an email unless you are sure of its validity.

You can see if the email is a hoax by checking:

• If the hoax is listed on a known hoax website (Hoaxbusters, F-Secure's, McAfee, Symantec)

If the hoax is not listed, you can also check:

• The PGP signature.
• The website of the organization in charge of containing the virus.
• If a person is referenced within the message actually exists (if they do exist do not send them an email, as this could result in them receiving the brunt of the hoax).

Spam

Spam is electronic junk email often advertising some product or service. This unwanted email can clog up your mailbox and waste bandwidth.

There are ways to prevent some of it:

• Don't sign up for unknown newsletters of newsgroups
• Beware who you give out your email address to
• Never reply to spam or asked to be removed as it simply verifies that your email address is valid
• Use an email client with a built in spam filter, like Thunderbird
  
  

For more information about spam, see www.ucalgary.ca/it/email/spam

Getting help

You can report illegal scams to the RCMP's national anti-fraud call centre. For more info, see the Phonebusters website.