152 Chapter 3 • Communication Security: Remote Access and Messaging
Hoaxes
E-mail hoaxes are those e-mails sent around the Internet about concerned parents
desperately searching for their lost children, gift certificates being offered from retail
stores for distributing e-mails for them, and dangerous viruses that have probably
already infected the user’s computer.
There are a lot of different ways to separate hoaxes from real information. Most
of the time, it comes down to common sense. If users receive e-mail that says it
originated from Bill Gates who is promising to give $100 to everyone who
forwards the e-mail, it is probably a hoax. The best rule of thumb is timeless: if
something seems too good to be true, it probably is. If a user is still not sure of the
validity of an e-mail message, there are plenty of sites on the Internet that specialize
in hoaxes. One of the more popular sites is www.snopes.com.
Virus hoaxes are a little different. Virus hoaxes are warnings about viruses that do
not exist. In these cases, the hoax itself becomes the virus because well-meaning
people forward it to everyone they know. Some virus hoaxes are dangerous, advising
users to delete certain files from their computer to “remove the virus,” when those
files are actually very important OS files. In other cases, users are told to e-mail
information such as their password (or password file) to a specified address so the
sender can “clean” the system of the virus. Instead, the sender will use the
information to hack into the user’s system and may “clean” it of its valuable data.
How do users know whether a virus warning is a hoax? Since users should
never take a chance with viruses, the best place to go is to the experts: the
anti-virus companies. Most anti-virus companies have information on their Web sites
that lists popular e-mail hoaxes. The most important thing to remember about
e-mail hoaxes is to never follow any instructions within the e-mail that instruct users
to delete a certain file or send information to an unknown party.
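The hoax traits described above (chain forwarding, instructions to delete files, requests to send a password) can be checked mechanically before a message reaches users. The following is an added example, not part of the book: the regular expressions, function names and the quarantine/warn/deliver policy are illustrative assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.policy import default

# Heuristic patterns for the hoax traits named in the text (illustrative
# assumptions, not a vendor rule set).
INDICATORS = {
    "chain_forward": re.compile(
        r"\bforward\b.{0,40}\b(?:everyone|everybody|all your)\b", re.I | re.S),
    "delete_file": re.compile(
        r"\b(?:delete|remove|erase)\b.{0,60}\b[\w-]+\.(?:exe|dll|sys)\b", re.I | re.S),
    "credential_request": re.compile(
        r"\b(?:send|e-?mail|reply with)\b.{0,60}\bpassword", re.I | re.S),
}
# Traits that ask the reader to damage the system or give up secrets.
DANGEROUS = {"delete_file", "credential_request"}

def message_text(raw):
    """Return the subject plus plain-text body of an RFC 5322 message string."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    return f"{msg['Subject'] or ''}\n{body}"

def hoax_indicators(raw):
    """Names of all indicators found in the message, sorted."""
    text = message_text(raw)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def triage(raw):
    """Quarantine dangerous instructions, warn on chain letters, else deliver."""
    hits = set(hoax_indicators(raw))
    if hits & DANGEROUS:
        return "quarantine"
    return "warn" if hits else "deliver"

def make(subject, body):
    """Build a constructed sample message (addresses are placeholders)."""
    return (f"From: sender@example.com\nTo: user@example.com\n"
            f"Subject: {subject}\n\n{body}\n")

SAMPLE_VIRUS_HOAX = make("Virus warning", "A dangerous virus is spreading. Delete the "
    "file sample123.sys to remove the virus, then forward this warning to everyone you know.")
SAMPLE_CRED = make("Infected", "Your computer is infected. To clean it, send your "
    "password file to cleanup@example.net.")
SAMPLE_CHAIN = make("Free money", "Bill Gates is giving $100 to each person. "
    "Forward this e-mail to everyone you know.")
SAMPLE_BENIGN = make("Agenda", "The meeting moved to 3pm. Please forward the agenda to Dana.")
```

Keyword heuristics like these produce false positives (a legitimate password-reset notice can match `credential_request`), so they suit flagging for review rather than silent deletion.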
Phishing
Phishing is a fairly new threat to the e-mail community. The basis of phishing is that
there is a “lure” provided in the malicious e-mail, but not actually a virus. Where
viruses can easily be detected because of their typically executable or “zipped” state,
phishing attempts are e-mails that are more or less completely benign.
Typically, the e-mail is drafted in such a way as to convey a sense of safety and
security. Where some viruses fed on human curiosity with promises of attachments
filled with pornographic images, phishing attempts often assert that they are the
“Customer Service” department of your bank or the “Security Council” for a
www.syngress.com