Internet Hoaxes by Charles Hornat on 13/05/03


In this quick presentation, we will examine Internet hoaxes and how to identify them. Two recently received examples will also be dissected so that you can see the steps taken to determine their validity (or lack thereof).

 

 

An Internet hoax is basically an email meant to deceive or threaten the user into performing a specific action. That action could be to forward the email to multiple people, to disclose personal or confidential information, or to install or delete applications on their computer.

 

 

Hoaxes fall into many different categories. Some of the more popular ones are outlined above.

There is one additional hoax I have seen several times, and each time has been a bad experience. A coworker recently got an email telling of a new virus that is causing havoc on the Internet. It instructs the user to search their computer for a file, and delete it if found. Of course the unsuspecting user opens up Internet Explorer and searches for the file. And of course the file is found. And of course they delete the file. Later on that day the computer does not operate correctly, and is constantly crashing or is too slow.

 

 

This is an example of a scam letter email. It is meant to convince the reader that PayPal is looking out for my best interest. The only problem is I don’t have, nor have I ever used, PayPal. Notice the header and their logo. It looks very official.

 

 

This is a real example that found its way into my personal email account. Notice the sender and the layout. Even the copyright at the bottom is included. This is also an example of a scam hoax. The part that should tip you off on this is that Microsoft will never ever email hotfixes or patches. They will give you basic information and a link to a page that has more details and includes a link to download.

 

 

Most hoax threats follow one simple pattern: Hook, Threat, and Request. The email will first try to get your attention through a clever title and start off with drama or other interesting tidbits. Then it will deliver some sort of threat. For example, everyone who has deleted this has received 11 years of bad luck, or something similar. Finally, it makes a request: if you send it to 100 people, then the threat will not happen to you.

Second, is the email from someone who is a security professional? Even if it's from your mom, does she know enough to determine this to be credible?

The last two items are the most obvious. If it asks you to send it to anyone, it’s probably a hoax. Antivirus and application companies will not ask you to email anything to anyone. They will do it themselves. And look at the email headers to make sure they are from the source they appear to be from. We will cover the technical aspect of that later in this presentation.

 

 

Before ever clicking on the link, you should check the destination. To do this, simply hover your pointer over the link and the URL should appear at the bottom of your browser. However, this can be deceiving as well. The best way is to right-click on the link and select Properties. In this example, you will find the URL: http://www.paypal.com/@211.75.58.108/pp/processing.htm. Notice the ‘@’ sign. Anything before that is irrelevant. Everything after that is the real link. One could put anything they wanted in front of that ‘@’ sign. For more information on URL manipulation, go to: http://www.noccc.org/bytes/articles/v01/648.html.

 

 

In this particular hoax, the sender address gives a subtle hint of possible foul play (iamlzytaw_903216@support.msdn.com). Further research will be needed to confirm the suspicion that this ID is not real.

 

 

The best way to tell if an email is from who it claims to be is to view the header. This can be done in several different ways depending on the email application you are using. If you use Yahoo, there is an option in the upper right corner titled “Full Headers”. When we selected that for this example, we found the “Return Path” to be: ftballguy68@cox.net. This doesn’t sound like an official Microsoft address, does it?

If you also look at the “Received” items, they all include a *.cox.net host (nothing regarding Microsoft). Even the “Message ID” references *.cox.net.
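The header comparison described above can be automated. The following is an added example, not part of the original presentation: it compares the domain claimed in From with the domains in Return-Path, Message-ID and the Received relays. The two addresses and the cox.net domain are from the article; the hostnames, IP addresses, dates and Message-ID in the sample are constructed, and the two-label `org_domain` helper is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: only the two addresses and the cox.net domain come from
# the article; hostnames, IPs, dates, Message-ID and subject are made up.
SAMPLE = """\
Return-Path: <ftballguy68@cox.net>
Received: from relay1.cox.net (relay1.cox.net [192.0.2.10])
\tby mail.recipient.example with ESMTP; Mon, 12 May 2003 10:00:00 -0400
Received: from home-pc.cox.net ([192.0.2.77])
\tby relay1.cox.net with SMTP; Mon, 12 May 2003 09:59:58 -0400
Message-ID: <constructed-0001@relay1.cox.net>
From: iamlzytaw_903216@support.msdn.com
Subject: Constructed sample subject

body
"""

def org_domain(host):
    """Naive organisational domain: last two labels (assumption, no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])

def header_mismatches(raw):
    """Return (claimed From domain, [(header, domain seen)]) for headers that disagree."""
    msg = message_from_string(raw)
    claimed = org_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    findings = []
    rp = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if rp and org_domain(rp) != claimed:
        findings.append(("Return-Path", org_domain(rp)))
    mid = (msg.get("Message-ID") or "").strip("<> \t").rpartition("@")[2]
    if mid and org_domain(mid) != claimed:
        findings.append(("Message-ID", org_domain(mid)))
    # Host named after "from" in each Received header: the relays that handled the mail.
    relays = {org_domain(m.group(1))
              for r in msg.get_all("Received", [])
              for m in [re.match(r"\s*from\s+([\w.-]+)", r)] if m}
    if relays and claimed not in relays:  # heuristic: no relay in the claimed domain
        findings.append(("Received", ",".join(sorted(relays))))
    return claimed, findings

if __name__ == "__main__":
    print(header_mismatches(SAMPLE))
```

A mismatch is a reason to look closer, not proof of forgery: legitimate senders that use a third-party mail service can also show different domains in these headers.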

 

 

Finally, you can search the Internet for further information. When you get a possible hoax and want to research it, simply go to Google or Yahoo (www.google.com or www.yahoo.com), type in the title of the email or other relevant information, and see what comes up. You can also reference the sites listed above for further information as well as additional steps on combating Internet hoaxes.

Good Luck!




All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.