IT Professionals

Protecting Against Hoaxes Part III

Posted by on Jul 3, 2009 | No Comments

Helping users to understand what hoaxes look will go along way in protecting against them. Most e-mail hoaxes (and almost all of the really successful ones) come in several recognizable categories:

  • The technical warning. Many successful hoaxes use highly technical language to describe a threat. The description is often complete nonsense.
  • The Good Samaritan ploy. Hoaxes don’t just warn you of a mythical threat, they play on your desire to help your friends, or to appear important, and cajole you into sending the fake warning to everyone you know. This lends the warning an air of authenticity because it comes from someone users know.
  • The too-good-to-be-true offer. Among other common ploys are those get rich quick schemes that clearly sound too good. They’re usually pretty stupid, but people fall for them every day.

The e-mail hoax is just the technological equivalent of the chain letter and follows the age-old three-part pattern of all successful cons:

  1. The hook
    First, there will be an appeal to greed or compassion or the chance to show off by being the first to warn your friends. The hook is the virus warning, the dying child announcement, the offer to make Big Money at Home While Sleeping, or a similar catchy subject line that is expanded in the first several paragraphs if you open the e-mail.

  2. The threat or warning
    The message will quickly move on to warn of severe damage that could occur to your computer (or some other dire consequences that might befall you) if you don’t take a certain action.

  3. The action
    Although a few hoaxes will simply rely on your inherent desire to share good or bad news, nearly all of them will include a final plea to send copies of the original message to as many people as you can.

Certainly the most easy-to-identify feature shared by all hoaxes is this: They come in an e-mail, not from a trusted Web site or a mailing list you have subscribed to, but from an untrusted source. That should be such a gigantic red flag that no other warning is needed.

[awsbullet:pranks+hoaxes]