Scammers Don't Always Want Your Money - at First!

By: Etienne A. Gibbs

Sometimes scammers, clever and scheming vultures they are, may not immediately prey on you for your financial contribution. They may have something more deadly in mind - deadly to you, your computer, and the computers of all your friends. Once the scammers establishes a relationship with you, he/she knows that your email address is a "live" address (one that will give him and others he will sell your address to) so he can secretly then move on to phase two - flooding you and all the other "live" addresses he obtained with hoaxes and chain letters.

And, sadly, these emails and chain letter emails carry hidden spyware (pieces of coding that will allow the originator to take control of all the computers it touches). The code is so written that even if the email is deleted, it will still work effectively from the Recycle Bin. That's the work of scammer who are also hackers.

!b>What Are Internet Hoaxes and Chain Letters?!/b> Internet hoaxes and chain letters are e-mail messages written with one purpose; to be sent to everyone you know. The messages they contain are usually untrue. A few of the sympathy messages do describe a real situation but that situation was resolved years ago so the message is not valid and has not been valid for many years. Hoax messages try to get you to pass them on to everyone you know using several different methods of social engineering. Most of the hoax messages play on your need to help other people.

Who wouldn't want to warn their friends about some terrible virus that is destroying people's systems? Or, how could you not want to help this poor little girl who is about to die from cancer? It is hard to say no to these messages when you first see them, though after a few thousand have passed through your mail box, you (hopefully) delete them without even looking.

Chain letters are lumped in with the hoax messages because they have the same purpose as the hoax messages but use a slightly different method of coercing you into passing them on to everyone you know. Chain letters, like their printed ancestors, generally offer luck or money if you send them on. They play on your fear of bad luck and the realization that it is almost trivial for you to send them on. The chain letters that deal in money play on people's greed and are illegal no matter what they say in the letter.

The Risk and Cost of Hoaxes: The cost and risk associated with hoaxes may not seem to be that high, and isn't when you consider the cost of handling one hoax on one machine. However, if you consider everyone that receives a hoax, that small cost gets multiplied into some pretty significant costs. For example, if everyone on the Internet were to receive one hoax message and spend one minute reading and discarding it, the cost would be something like: 50,000,000 people times 1/60 hour times $50/hour = $41.7 million

Most people have seen far more than one hoax message and many people cost a business far more than $50 per hour when you add in benefits and overhead. The result is not a small number.

Probably the biggest risk for hoax messages is their ability to multiply. Most people send on the hoax messages to everyone in their address books but consider if they only sent them on to 10 people. The first person (the first generation) sends it to 10, each member of that group of 10 (the second generation) sends it to 10 others or 100 messages and so on.

Generations and (Number of Messages): 1st (10); 2nd (100); 3rd (1,000); 4th (10,000); 5th (100,000); and 6th (1,000,000)
As you can see, by the sixth generation there are a million e-mail messages being processed by mail servers. The capacity to handle these messages must be paid for by the users or, if it is not paid for, the mail servers slow down to a crawl or crash. Note that this example only forwards the message to 10 people at each generation while people who forward real hoax messages often send them to many times that number.

Recently, we have been hearing of spammers (bulk mailers of unsolicited mail) harvesting e-mail addresses from hoaxes and chain letters. After a few generations, many of these letters contain hundreds of good addresses, which is just what the spammers want. We have also heard rumors that spammers are deliberately starting hoaxes and chain letters to gather e-mail addresses (of course, that could be a hoax). So now, all those nice people who were so worried about the poor little girl dying of cancer find themselves not only laughed at for passing on a hoax but also the recipients of tons of spam mail.

How to Recognize a Hoax: Probably the first thing you should notice about a warning is the request to "send this to everyone you know" or some variant of that statement. This should raise a red flag that the warning is probably a hoax. No real warning message from a credible source will tell you to send this to everyone you know.

Next, look at what makes a successful hoax. There are two known factors that make a successful hoax, they are: (1) technical sounding language. and (2) credibility by association.

If the warning uses the proper technical jargon, most individuals, including technologically savvy individuals, tend to believe the warning is real. For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage.

When we say credibility by association we are referring to who sent the warning. If the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestige of the company backs the warning, making it appear real. If a manager at the company sends the warning, the message is doubly backed by the company's and the manager's reputations.

Both of these items make it very difficult to claim a warning is a hoax so you must do your homework to see if the claims are real and if the person sending out the warning is a real person and is someone who would know what they are talking about. You do need to be a little careful verifying the person as the apparent author may be a real person who has nothing to do with the hoax. If thousands of people start sending them mail asking if the message is real, that essentially constitutes an unintentional denial of service attack on that person. Check the person's web site or the person's company web site to see if the hoax has been responded to there. Check these pages or the pages of other hoax sites to see if we have already declared the warning a hoax.

Hoax messages also follow the same pattern as a chain letter. Chain letters and most hoax messages all have a similar pattern. From the older printed letters to the newer electronic kind, they all have three recognizable parts: (1) A hook. (2) A threat. and (3) A request.

The Hook:
First, there is a hook, to catch your interest and get you to read the rest of the letter. Hooks used to be "Make Money Fast" or "Get Rich" or similar statements related to making money for little or no work. Electronic chain letters also use the "free money" type of hooks, but have added hooks like "Danger!" and "Virus Alert" or "A Little Girl Is Dying". These tie into our fear for the survival of our computers or into our sympathy for some poor unfortunate person.

The Threat: When you are hooked, you read on to the threat. Most threats used to warn you about the terrible things that will happen if you do not maintain the chain. However, others play on greed or sympathy to get you to pass the letter on. The threat often contains official or technical sounding language to get you to believe it is real.

The Request: Finally, the request. Some older chain letters ask you to mail a dollar to the top ten names on the letter and then pass it on. The electronic ones simply admonish you to "Distribute this letter to as many people as possible." They never mention clogging the Internet or the fact that the message is a fake, they only want you to pass it on to others.

Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk.

These cybercriminals leave you with three choices:

1. Do nothing and hope their attacks, risks, and threats donít occur on your computer.

2. Do research and get training to protect yourself, your family, and your business.

3. Get professional help to lockdown your system from all their attacks, risks, and threats.

Remember: When you say "No!" to hackers and spyware, everyone wins! When you don't, we all lose!

© MMVII, Etienne A. Gibbs, MSW, The Internet Safety Advocate and Educator

Article Directory:

| More

Related story: Index of Hoaxes
Etienne A. Gibbs, Independent Internet Security Advocate
, consults with individuals, small business owners, and home-business entrepreneurs regarding online protection against spyware, viruses, malware, hackers, and other cybercrimes and pc-disabling issues. For more information, visit

Please Rate this Article


Not yet Rated

Click the XML Icon Above to Receive Security Articles Articles Via RSS!

Powered by Article Dashboard