We’ve just received a report of a destructive virus that will wipe all data from the hard disk. We’re not the least bit worried though. Why? Well, it’s just a hoax.
So what is a hoax? Typically, a hoax takes the form of an e-mail message that carries a warning about the ‘imminent danger’ posed by a non-existent threat. The aim is to scare users into sending the false warning to their contacts: friends, family, colleagues. Hoaxes cause no direct harm to data. However, a user’s well-meaning action in forwarding the message gives credence to the hoax, spreads the fear, doubt and uncertainty even further and clogs up networks with increasing amounts of ‘self-inflicted spam’.
Trying to stamp out a hoax can be as difficult as putting out a forest fire: ‘successful’ hoaxes often come back again and again, like recurrent bouts of malaria. To make matters worse, sometimes a real threat will model itself on the ‘look-and-feel’ of a previous hoax.
So how do you decide if something’s a hoax or not? Here are some general guidelines.
- Don’t simply forward such an e-mail message without checking first to see if it’s a hoax.
- If the warning didn’t come from a security vendor’s news or alert service, check the hoax sections of specialist security web sites.
- If in doubt, check with your anti-virus vendor, or send it to ‘firstname.lastname@example.org’ for analysis.
- Never click on attachments in e-mails that come from an unknown source.