US-CERT Cyber Security Tip ST04-009 -- Identifying Hoaxes and Urban Legends

                        National Cyber Alert System
                        Cyber Security Tip ST04-009


Identifying Hoaxes and Urban Legends

   Chain letters are familiar to anyone with an email account, whether
   they are sent by strangers or well-intentioned friends or family
   members. Try to verify the information before following any
   instructions or passing the message along.

Why are chain letters a problem?

   The most serious problem is from chain letters that mask viruses or
   other malicious activity. But even the ones that seem harmless may
   have negative repercussions if you forward them:
     * they consume bandwidth or space within the recipient's inbox
     * you force people you know to waste time sifting through the
       messages and possibly taking time to verify the information
     * you are spreading hype and, often, unnecessary fear and paranoia

What are some types of chain letters?

   There are two main types of chain letters:
     * Hoaxes - Hoaxes attempt to trick or defraud users. A hoax could be
       malicious, instructing users to delete a file necessary to the
       operating system by claiming it is a virus. It could also be a
       scam that convinces users to send money or personal information.
       Phishing attacks could fall into this category (see Avoiding
       Social Engineering and Phishing Attacks for more information).
     * Urban legends - Urban legends are designed to be redistributed and
       usually warn users of a threat or claim to be notifying them of
       important or urgent information. Another common form is the
       email that promises users monetary rewards for forwarding the
       message or suggests that they are signing something that will be
       submitted to a particular group. Urban legends usually have no
       negative effect aside from wasted bandwidth and time.

How can you tell if the email is a hoax or urban legend?

   Some messages are more suspicious than others, but be especially
   cautious if the message has any of the characteristics listed below.
   These characteristics are just guidelines--not every hoax or urban
   legend has these attributes, and some legitimate messages may have
   some of these characteristics:
     * it suggests tragic consequences for not performing some action
     * it promises money or gift certificates for performing some action
     * it offers instructions or attachments claiming to protect you from
       a virus that is undetected by anti-virus software
     * it claims it's not a hoax
     * there are multiple spelling or grammatical errors, or the logic is
       contradictory
     * there is a statement urging you to forward the message
     * it has already been forwarded multiple times (evident from the
       trail of email headers in the body of the message)
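
   The Python below is an added example, not part of the US-CERT tip: it
   flags four of the textual characteristics listed above and estimates
   forwarding depth from header trails in the message body. The phrase
   patterns, function names and sample messages are assumptions made for
   the example, and a hit is a reason to review a message, not a verdict.

```python
import re

# Phrase patterns are assumptions made for this example (one per listed
# characteristic that can be matched textually); they are not from the tip.
INDICATORS = {
    "urges_forwarding": re.compile(
        r"\b(?:forward|send|pass)\s+this\b[^.\n]*\b(?:everyone|friends|contacts|as many)\b", re.I),
    "denies_hoax": re.compile(r"\bnot\s+a\s+(?:hoax|joke|scam)\b", re.I),
    "promises_reward": re.compile(
        r"\b(?:receive|get|earn|pay you)\b[^.\n]*(?:\$\s?\d|gift\s+certificates?)", re.I),
    "undetected_virus": re.compile(
        r"\bvirus\b[^.\n]*\b(?:undetect\w*|(?:not|cannot)\s+(?:be\s+)?detect\w*)", re.I),
}

# A header-looking line inside the body, possibly behind ">" quote marks.
HEADER_LINE = re.compile(r"^[>\s]*(From|Sent|Date|To|Subject):\s+\S", re.I)

def forward_depth(body):
    """Count embedded header blocks: runs of 2+ header lines that include From:."""
    hops, run = 0, []
    for line in body.splitlines() + [""]:   # "" flushes a run at end of text
        m = HEADER_LINE.match(line)
        if m:
            run.append(m.group(1).lower())
            continue
        if len(run) >= 2 and "from" in run:
            hops += 1
        run = []
    return hops

def triage(body, min_hops=2):
    """Return the names of the characteristics found in the message body."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(body)]
    if forward_depth(body) >= min_hops:
        hits.append("forwarded_multiple_times")
    return hits

# Constructed sample messages (not real mail).
CHAIN = """\
> > From: Pat <pat@example.com>
> > Subject: FW: FW: URGENT virus warning
> >
> From: Lee <lee@example.org>
> Sent: Monday
> Subject: FW: URGENT virus warning
>
> This is NOT a hoax! A new virus is undetected by all anti-virus software.
> Forward this to everyone in your address book.
"""
BENIGN = "Hi team,\n\nPlease send this to Dana if she is missing from the list.\n\nFrom: notes taken at the meeting\n"

if __name__ == "__main__":
    print(triage(CHAIN), triage(BENIGN))
```
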

   If you want to check the validity of an email, there are some web
   sites that provide information about hoaxes and urban legends:
     * Urban Legends and Folklore - http://urbanlegends.about.com/
     * Urban Legends Reference Pages - http://www.snopes.com/
     * Hoaxbusters - http://hoaxbusters.ciac.org/
     * TruthOrFiction.com - http://www.truthorfiction.com/
     * Symantec Security Response Hoaxes -
       http://www.symantec.com/avcenter/hoax.html
     * McAfee Security Virus Hoaxes - http://vil.mcafee.com/hoax.asp
     _________________________________________________________________

   Authors: Mindi McDowell, Allen Householder
     _________________________________________________________________

    Produced 2007 by US-CERT, a government organization.

    Note: This tip was previously published and is being re-distributed 
    to increase awareness. 
  
    Terms of use
 
    <http://www.us-cert.gov/legal.html>
  
    This document can also be found at
 
    <http://www.us-cert.gov/cas/tips/ST04-009.html>
 

    For instructions on subscribing to or unsubscribing from this
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
          
