for the Microsoft PowerPoint version.
In this quick presentation, we will examine Internet Hoaxes
and how to identify them. Two examples that recently were received will also
be dissected so that you can see the steps taken to determine their validity
(or lack thereof).
An Internet Hoax is basically an email meant to deceive or threaten
the user into performing a specific action. That action could be to forward
an email to multiple people, disclose personal or confidential information,
or trick the reader into installing or deleting applications on their computer.
Hoaxes can be categorized into a lot of different categories.
Some of the more popular ones are outlined above.
There is one additional hoax I have seen several times and each
time has been a bad experience. A coworker got an email recently explaining
of a new virus that is causing havoc on the Internet. It instructs the user
to search their computer for a file, and delete it if found. Of course the
un-suspecting user opens up Internet Explorer and searches for the file. And
of course the file is found. And of course they delete the file. Later on
that day the computer does not operate correctly, and is constantly crashing
or is too slow.
This is an example of a scam letter email. It is meant to convince
the reader that PayPal is looking out for my best interest. The only problem
is I don’t have, nor I ever used PayPal. Notice the header and their
logo. Looks very official.
This is a real example that found its way into my personal email
account. Notice the sender and the layout. Even the copyright at the bottom
is included. This is also an example of a scam hoax. The part that should
tip you off on this is that Microsoft will never ever email hotfixes or patches.
They will give you basic information and a link to a page that has more details
and includes a link to download.
Most Hoax threats follow one simple pattern: Hook, Threat, and
Request. The email will first try to get your attention through a clever title
and and start off with drama or other interesting tidbits. Then it will deliver
some sort of threat For example, everyone who has deleted this has received
11 years of bad luck or something similar. Finally it makes a request. If
you send it to 100 people, then the threat will not occur to you.
Second, is the email from someone who is a security professional?
Even if its from your mom, does she know enough to determine this to be credible?
The last two items are the most obvious. If it ask you to send
it to anyone, it’s probably a hoax. Antivirus and application companies
will not ask you to email anything to anyone. They will do it themselves.
And look at the email headers to make sure they are from the source they appear
to be from. We will cover the technical aspect of that later in this presentation.
Before ever clicking on the link, you should check the destination.
To do this simply hover your pointer over the link and the URL should appear
in the bottom of your browser. However, this can be deceiving as well. The
best way is to right click on the link, and select properties. In this example,
you will find the url: http://email@example.com/pp/processing.htm.
Notice the ‘@’ sign. Anything before that is irrelevant. Everything
after that is the real link. One could put anything they wanted in front of
that ‘@’ sign. For more information on URL manipulation, go to:
In this particular hoax, the email gives a subtle hint to possible
foul play (firstname.lastname@example.org). Further research will be needed
to confirm the suspicions that that ID is not real.
The best way to tell if an email is from who it claims to be
is to view the header. This can be done several different ways depending on
the email application you are using. If you use Yahoo, then there is an option
in the upper right corner titled “Full Headers”. When we selected
that for this example, we found the “Return Path” to be: email@example.com.
This doesn’t sound like an official Microsoft address does it?
If you also look at the “Received” items, they all
include a *.cox.net (nothing regarding Microsoft). Even the “Message
ID” is referencing *.cox.net.
Finally, you can search the Internet for further information.
When you get a possible hoax, and you want to research it, simply go to google
or yahoo (www.google.com or www.yahoo.com) and type in the title of the email
or other relevant information and see what comes up. You can also reference
the sites listed above for further information as well as additional steps
on combating Internet Hoaxes.