Hoaxes and Scams

For the last few years, we here at LSUHSC Shreveport have endured a wave of e-mail hoaxes and pranks, exploiting users' unfamiliarity with how email, the internet, and computers in general work. With the growth of email and the internet, more and more new users are becoming targets for pranksters. Urban myths are just waiting for a critical mass of people who have not been exposed, so that they can go streaming across the net again. There is no technical solution to this problem. Even when users become experienced enough to be able to tell a fabricated message when they see one, anyone can get suckered sometimes. It seems that all email users will have to put up with a certain amount of nonsense. Generally, these messages are only an annoyance, but internet hoaxes have already cost victims property, reputation, and even endangered their lives. Experienced users call these problem messages Junk-mail Viruses, because they act like other computer viruses, only they use people as the method of infecting new systems. Users of email must learn to be skeptical, and think carefully before spreading a message to new users. There are some simple things you can do to avoid being a carrier for junk mail viruses:

  1. If you get a message that seems like it should be shared with LOTS of people, don’t send it unless either you know the message is true, you can authenticate their identity, or you know the sender personally, and know they would have written this message. The more urgent it sounds, the more skeptical you should be. Even if you think it might be true, don’t forward it to anyone.

  2. If you really want to send it, always check with the originator before forwarding it! This is the best way to tell a hoax or a prank. Just reply to the first sender, and ask them if it is true. If they can't tell you, then don't send it! Most pranks and hoaxes have forged headers and signatures, and when you try and verify the validity of the message, you will find that the address is not valid. Even if the originator is the prankster, and tells you to go ahead, at least they can be caught and dealt with. If this seems like too much of a bother, then it is not that important and you should not send it anyway.

  3. If the message tells you to do something, especially if that something involves sending a file or message over the network, check with someone knowledgeable that you can trust. Imagine you received a package in your real home’s mailbox asking you to place your house keys in the return envelope provided, and mail them to a post office box. Would you comply? People fall for the computer version of this all the time.

  4. If you see or get something that really makes you angry, remember you can’t be sure who sent it! It is very, very easy to frame someone with an e-mail message. All someone has to do is sit at their computer when the victim is away from the keyboard. But hackers can be much more sophisticated. They can forge any message to make it appear from anyone.

  5. Chain e-mails are a scam, and most often, they are a crime. If you forward one, you may be blasted with hundreds of angry messages in reply. But if you see one, remember that you can’t really be sure who sent it.

  6. Never open anything included, linked, or attached to an email from someone you don't know. It is possible to download a dangerous executable program through e-mail, or through your web browser. Never run a program from a source you don’t have good reason to trust!

Many hoaxes encourage their victims to forward a message to as many people as possible in order to get a reward for themselves or on the behalf of some charity. The hoax claims that if enough copies of the message get sent then something good will happen. Alternatively, some messages claim that unless enough messages are sent, then something bad will happen.

The thing to know is that there is no way for anyone to count the number of copies of an email in circulation on the internet, nor to count the number of times something has been forwarded. In order to actually do this, not only would you have to run a program that would "open" and examine the contents of many millions of email messages all over the world, but the program would have to trace the path of each message as well. This would be an incredible technological challenge with no real return on the investment.

You might ask "what's the harm in forwarding an e-mail to my friends?" The answer is that some of the latest hoaxes are intended to do more than just deceive you. Recently, you may have seen a web page saying if it gets "a million hits" then some poor sick little girl's grandparents would donate money for her treatment. Think about it, if her grandparents had the money and their grand-daughter was really sick, do you think they would wait for a web page to get a million hits? No, the only thing that is sick is the person who put up that website. Was it just a prank to get a million hits? Absolutely not. The page had a revenue generating ad banner on it. Every time someone visited that page the guy made money. And, if the visitor clicked on the ad banner, even more money was made. The danger of a scam like this is that as people begin to catch on, they will be less trusting of legitimate sites that have an honest message.

It gets even worse. Con artists on the net are finding better ways to make money off the gullibility of well meaning people. The latest scam is online petitions. You are presented with some legitimate sounding cause and told that when a million people sign the petition, it will be presented to some organization or perhaps an elected official. Note: some of these petitions are real, but lately there have been petitions popping-up on the web with a more sinister purpose... they are collecting e-mail addresses to sell to spammers, often porn sites. So while you think you are being a good citizen by sending all your friends to sign an important petition, in fact you are helping some low life make a buck while getting your unsuspecting friends signed-up for a ton of unwanted junk e-mail, much of it of an adult nature. And once you are on those lists you can't get off, responding with a "remove" message only informs them that they have a warm body at that e-mail address reading the spam, which increases the value of their list. A list of

people who will actually open spam email and respond to it is a valuable commodity which will be sold from spammer to spammer. The ‘fresher’ the list, the more it is worth.

Legitimate e-mails and web sites provide ways to contact the author or webmaster. Scam artists hide their identities, they fear being tracked down. Just having an e-mail address doesn't guarantee the writer is honest (free e-mail addresses are easy to come by), but if you find a site that offers no hint of the author or way to contact him/her, then be very suspicious.

If an e-mail or web site claims to represent some large, well known institution, then is it clearly associated with them? For example, if an email claims to be on the behalf of the John Doe Society, does the return address reflect that? Most of the large institutions now have web sites and their own domain names. Likewise, if you see a web page that claims to speak on behalf of the JDS, is it hosted as part of JDS's web domain (in this case: www.johndoe.org)? If instead it is hosted by a free service like GeoCities or Xoom, or if the e-mail is from Hotmail or Yahoo, then watch out, because it probably isn't from who it claims to be.

Does the e-mail claim that it is being "tracked?" This is a sure sign of a hoax since e-mail can not be reliably tracked. Rather than helping some poor soul when you forward one of these messages, you are in reality wasting precious network bandwidth, which hurts all of us.

A rising tide of warnings about nonexistent computer threats is proving nearly as disruptive as the actual viruses, experts say. The hoaxes have become a kind of virus themselves, passed along with good intentions but sometimes swamping computer networks. The email hoaxes create unwanted fear, waste time, and chew up network resources as users try to alert their friends to the "threat," and confuse others about security precautions they need to take. If you forward one message to 15 people, and each of them forwards to 15 other people, and so on -- in just four generations, the process will have produced over 50,000 wasted messages. In essence you will have wasted 50,000 people's time, perhaps spread fear or panic in them, and helped to slow down the network. In some cases, such as the email regarding the Jdbgmgr.exe virus with the teddy bear icon, you may be instructed to remove files to “clean” the virus from your system. In this example, however, you actually delete important system files needed by the Windows operating system, because jdbgmgr.exe is not a virus but rather a Microsoft program that is part of Windows.

It’s not that computer viruses aren’t a real problem. After all, they can be delivered by e-mail, and they can alter or destroy data. In some cases, such as the recent Melissa outbreak, the virus attempts to mail copies of itself to anyone in a users' e-mail address book. As long as you have antivirus software that is up-to-date and actively running on your system, you are generally safe from most known viruses.

Experts say there are a number of warning signs that can help users spot false virus alerts. Among them:

No source - Typically, a hoax will cite a company, such as Microsoft, IBM, or America Online, as having made an announcement about a devastating new virus, and may even contain a "copy" of the nonexistent announcement.

Poor Grammar - Many virus hoaxes often contain misspellings and grammatical errors typical of the youngsters who usually create the hoaxes.

Hysteria - All hoaxes contain an urgent request for readers to send copies to everyone they know combined with adjectives such as "deadly" to describe the virus.

If you get an alert and don't know if it's real, check the following Web site:

McAfee Hoax Library

If you receive a forwarded email that is originally from an unknown source stating to delete files on your system, never follow instructions in an email to make any changes to your system (delete files, etc.) without checking with your computer supporter first!!!!

For any questions or comments about this web site, please feel free to email us at sh-helpdesk@lsuhsc.edu