

SANS Security+ 2008 Study Guide

Email Hoaxes and Why They Work


April 11th, 2008
By Chris Crowley


Even before the advent of e-mail as a mechanism for delivery, urban legends, hoaxes and scams lay in wait for the unwary. E-mail delivers the old tricks in new packages (and more widely and quickly than ever before) but the underlying mechanisms still remain.

Jan Harold Brunvand, author of Encyclopedia of Urban Legends and The Vanishing Hitchhiker: American Urban Legends and Their Meanings, explains that urban legends require the following ingredients: "a strong basic story-appeal, a foundation in actual belief, and a meaningful message or 'moral'."[1]


These stories appeal to the reader's vanity, fear, greed, self-elevation or lust. The plots are often marginally plausible and might involve some element of truth. A real or doctored photograph might be included with a fictitious explanation. Often the intent of the hoax is not known. When a hoax is used to defraud, it is considered a scam.

The most famous and possibly the most effective scam is the "Nigerian Scam"[2] where a plea is made to assist an unknown foreigner to move a large sum of money out of his country. In the process of this shell game, the victim provides his bank account information to the scammer, and the bank account is drained of money. The scam works because it appeals to the victim's greed, and also implores the assistance of the victim in setting a wrong right. There are several variations on the theme of this scam.

In general, people want to believe what they read. People also tend to pass along information which they deem to be important, privileged, or scandalous to their circle of friends and family. This is done in an earnest effort to aid, but also to position the sender as a source of important information.

Shock and disbelief are also utilized to disperse hoaxes. One example of a horrific but plausible story is of the night janitor in a hospital who accidentally caused several deaths by unplugging life support systems to use the outlet for the floor polishing tool.[3]

Several web sites are dedicated to debunking the myths propagated by e-mail. The U.S. Department of Energy Computer Incident Advisory Capability (CIAC) maintains hoaxbusters.[4] Snopes.com is another site which catalogs and debunks myths that percolate through e-mail. If you're like the rest of humanity, you're probably inclined to read a few of the stories just to see how ridiculous they are.

===
1. http://www.janbrunvand.com/
2. http://www.ftc.gov/bcp/conline/pubs/alerts/nigeralrt.pdf
3. http://www.snopes.com/horrors/freakish/cleaner.asp
4. http://hoaxbusters.ciac.org/
