[Some broken links addressed 2018, after one was pointed out by Joseph Keller of http://backgroundchecks.org/. ]
Alice LaPlante published a mildly interesting article on April 1st on “seven fantastic Internet hoaxes” which actually covered rather more than seven individual hoaxes, though several of them weren’t of the kind I’m usually concerned with here.
Actually, I thought at one point that the article was a hoax itself, since it included the following:
Just in time for Halloween, InformationWeek interviewed a battery of security experts, Internet folklorists, and hoax watchdog groups to get their take on the most successful Internet hoaxes to date.
Halloween??? But since the rest of the article seems quite sane and sensible, maybe this is a late realization of a piece that was started much earlier? Or maybe it was just a whimsical moment in a fairly lighthearted piece. Though I know some of the commentators from whom LaPlante harvested quotes take the whole hoax issue as seriously as I do. By the way, Alice, Sophos are based in Abingdon, not London. Though since the airport at Kidlington, which is actually further from London than my office, now calls itself London Oxford Airport, perhaps the whole of Southern England now counts as London.
There are a couple of other fairly minor points I’d like to take up, based on some of those comments as well as LaPlante’s own observations.
- While spammers might, as Jim Graham of HoaxBusters suggested [link removed since that article has disappeared with the retirement of the HoaxBusters page], harvest some addresses from chain mail with multiple addresses (for instance on a bot-compromised PC), I think finding gold is overstating it a little. Given all the other ways in which email addresses can be obtained, not many spammers are going to pick through their own mailboxes for chain mail in order to add the addresses of other recipients. And I am concerned, as previously discussed here, that overstating this minor risk encourages the use of blind copying as a mitigation when forwarding chainletters: that’s a problem because it can actually work for the hoaxer by impeding filtering and remediation.
- It’s perfectly true that attackers will exploit and even invent stories in order to drive potential victims towards malicious web sites. While to some extent messaging and social network services like Facebook and Twitter are used to spread these stories, they aren’t necessarily hoaxes – see, for instance, the use made of the recent Russian bombings for “blackhat SEO” (Search Engine Optimization), as described at http://www.eset.com/blog/2010/03/29/russian-metro-bombings-here-come-the-ghouls and http://www.eset.com/blog/2010/03/30/here-come-more-of-the-ghouls. This is to ensure that malicious links are near or at the top of the list when people search for a hot topic by keyword on Google and similar services. This is an important security issue, but it’s not quite in the same category as more conventional chainletters and hoaxes, and nor are some of the more blatant examples of photo-fakery and parody.
Still, some old favourites there that may interest you. In recent years, I’ve become particularly interested in the way that some of the most successful chainletters have moved away from virus hoaxes to “sympathy” hoaxes and semi-hoaxes like the Amanda Bundy story described at http://www.snopes.com/inboxer/prayer/bundy.asp, and talked about them in a Virus Bulletin paper called “Whatever Happened to the Unlikely Lads? A Hoaxing Metamorphosis”, which you can find here.
During the 1990s (in fact, until 2001) I worked for Imperial Cancer Research Fund (now Cancer Research UK), and encountered cancer-related sympathy hoaxes that claimed that the American Cancer Society would benefit financially from each copy of the email that was forwarded (or each address that received it). When I worked for the UK’s National Health Service subsequently, I was frequently asked about other types of cancer-related hoax such as claim that the re-use of plastic water bottles leads to increased exposure to carcinogens. One useful resource I found then was the ACS’s own web page on “Email Hoaxes and Chain Mail” [link removed as that page is no longer there].
David Harley
Check Chain Mail and Hoaxes 
Agreed. Sympathy hoaxes seem to be on the rise. Thanks for the post, David. Here is a recent scam that attempted to use sympathy for my buy in:
http://www.dynamicalsoftware.com/community/fraud/detection
By: Avery Otto on April 9, 2010
at 2:59 pm
[…] because I’m a Londoner Avery Otto commented on my observations on sympathy hoaxes at https://chainmailcheck.wordpress.com/2010/04/03/information-week-seven-fantastic-internet-hoaxes with a link to her own blog article at […]
By: Maybe it’s because I’m a Londoner « Check Chain Mail and Hoaxes on April 12, 2010
at 7:33 pm
[…] "Information Week: 'seven fantastic Internet hoaxes'” picks up on some themes cited in an article by Alice LaPlante in Information Week, including the use and misuse of the BCC field in email, the use of real and fake news stories in blackhat SEO, sympathy hoaxes and cancer-related hoaxes. (That last category has occupied quite a lot of my professional life, having worked in the past for a cancer research organization and the UK's National Health Service.) […]
By: Triflex Enterprise | Armor-Piercing Rounds for Chain Mail on April 19, 2010
at 1:44 pm
[…] was actually pointed out to me by Joseph Keller – thanks for that! – with reference to a post from 2017 that cited a HoaxBusters article that’s no longer available. I’ve addressed that and a […]
By: Hoaxbusters bowed out – and here’s a phone scams page | Check Chain Mail and Hoaxes on January 9, 2018
at 10:48 pm