Issue 40 - Hoax-Slayer Newsletter
Issue 40: 30th September, 2004
This week in Hoax-Slayer:
Hoax-Slayer is a Free Monthly Web-Based Newsletter brought
to you by Brett Christensen The Hoax-Slayer Newsletter keeps you informed about the latest email hoaxes and current Internet scams. Hoax-Slayer also features
anti-spam tips, computer security information, pertinent articles and more.
As soon as the newsletter is published each month, subscribers are sent a notification email with a direct link to the latest issue. The Hoax-Slayer Newsletter is
absolutely free and you can easily unsubscribe at any time either by following a link in the notification email or visiting the Hoax-Slayer
Unsubscribe page.
To get your
free subscription, enter your
complete email address in the form below and click the "Subscribe" button. Concerned about giving out your email address online? I will
never sell or give away your email address, or any other personal information, for
any reason what so ever.
Read the
Hoax-Slayer Privacy Policy for more information.
Subscribe to the newsletter via RSS feed
Subscription Options in Detail
FDIC Phishing Scam
The FDIC (Federal Deposit Insurance Corporation) is just one of a
number of institutions that are currently being targeted by
phisher scammers. A recent scam email (see example below)
masquerades as a message from the FDIC that gives details about a
supposed "ATM/Debit/Check Card Protection Program". A link in
the email directed potential victims to a bogus web page designed
to resemble a page on the official FDIC site. The web page
requested sensitive personal information ostensibly to register
for the proposed "protection system". In fact, any information
provided would be acquired by the criminals behind the scam and
would likely be used to commit fraud and/or steal the victim's
identity. The information in the email is false and does not
originate from the FDIC.
It is highly unlikely that the FDIC, or any other legitimate
institution would request financially sensitive information via
email. If you receive such a request, do not reply and do not
click on any links provided. Contact the institution directly if
you have the slightest doubt regarding the veracity of a message.
You should also check the institution's real website, as
information about current phisher scams is often provided.
Read more information about phisher scams
Read more information about FDIC phisher scams
ATM/Debit/Check Card Protection Program
In cooperation with your bank and other major American banks the
FDIC has developed a new anti-fraud screening solution. This is
an effort to prevent the recent surge in credit, debit card fraud
and identity theft.
The system is an advanced neural network that scrutinizes card
transactions and ATM withdrawals to deliver a highly accurate
risk score by analyzing the spending behavior of each cardholder
along with the profile of each merchant and ATM. It will try to
detect and stop any suspicious or fraudulent ATM, debit or check
card activity.
Register with our ATM, debit and check card protection program
and you can use your card to shop online, in a store, or withdraw
money at the ATM, and you'll be fully protected from unauthorized
use of your card or account information. With FDIC's Zero
Liability policy, your liability for unauthorized transactions is
$0-you pay nothing!
All major American banks will implement this system within a near
future.
We continuously receive information from your bank such as your
e-mail, name, address and other personal information. Therefore
the registration process is fast and we probably have most of
your information on file already.
Note that this program only applies to your ATM, debit or check
card - which is linked directly to your checking account, not
credit cards.
Please take a moment and follow the link below to securely
register your card totally free of charge.
[LINK REMOVED]
Regards,
www.fdic.gov
Security Department
Discuss This Story
Walmart Fire Charity Hoax
Yet another absurd "charity" email is currently circulating. The
email presents the sad, and totally fictional, tale of a
six-year-old girl who was badly burnt in a Walmart fire. It
informs recipients that the child's family needs help to cover
medical expenses. Like
similar charity hoaxes, this one claims
that the email is being tracked and that money will be donated
every time the email is sent to others. In this case, the
company supposedly doing the donating is AOL. While AOL does
indeed direct some funds to charity, it certainly does not base
these donations on how many times a specified email is forwarded.
This hoax began hitting inboxes during 2003 but submissions
indicate that it is currently enjoying a comeback. The absurd
claim that AOL is tracking the email is enough to identify it as
a hoax immediately. Another indication of the email's status as
a hoax is the telling lack of details. The child is identified
only as "Sandy", other family members are not named at all, and
there is no indication of when or where the fire took place.
As stated, a charity campaign based solely on the forwarding
of an email is exceptionally unlikely. However, if such a
campaign did actually take place, verifiable details and
reference information would almost certainly be included in
the message.
The concept of individual emails being "tracked" is one shared
by a number of hoaxes. The only way to "track" a message would
be to embed some sort of code in the email and it would have to
be continually forwarded in HTML format for the code to continue
collecting and submitting data. The logistics of tracking an
email that could ultimately be forwarded thousands of times are
clearly problematical at best.
In any case, tracking an email in the way described would raise
all sorts of privacy issues and it is highly unlikely that any
ethical organization would knowingly participate in such a
practice.
An example of the hoax email:
A sister and her brother were inside the new Walmart built in
town. The sister at six years of age, the brother seventeen
years of age. The brother was fixing to buy a present for his
little sister on her birthday, but as soon as they were fixing
to leave she had to go to the bathroom. Her brother showed her
where it was, he started to look at some earrings she would
probably like for her next birthday. As he started to buy them
he saw people running from the end of the store screaming and
yelling with fear. Before he new it he smelled smoke and saw
fire, he ran to his little sister as fast as he could but when
he got to the bathrooms they were already on fire. He new he
had to get out as fast as he could to get help. But when the
firetrucks arrived it was already to late. Two days later the
family got a call from the hospital saying they have someone
there by the name of sandy. They asked "How did you get this
number"? The hospital said she was holding a purse in her hand
with a card that said her name and number on it. The family
drove to the hospital to see thier little angel. While they
looked at her, they noticed her arm was almost all the way
burnt off, and her face was so burned it needed surgery. But
the family didnt have enough to cover the bill.
So now the need you to help out!
Note: Every time you send this to three people aol will take away
$2.00 off the hospital bill.
DO NOT DELETE! AOL IS TRACKING THIS!
Discuss This Story
Hoax-Slayer FAQ's (Part Three)
Every week I receive a great many enquiries about scams and
hoaxes. Since many enquiries, and their answers, cover the same
material, I have condensed them into a set of Frequently Asked
Questions. This week I will cover several more email hoaxes that
are very common subjects of enquiries.
Q. I got a message that says that adding [specified email
address] to my MSN Messenger, will infect my computer with a
virus. Is this true?
A. No, you can not be infected by a virus simply by adding a
person to your contact list. This is a common hoax that keeps
reappearing with different contact addresses specified.
Read more about the
MSN Contact List Virus Hoax
Q. I received an email that claims that my Hotmail (or Yahoo)
account will be terminated if I don't forward the message.
Could this be true?
A. No, this is an old hoax that has been circulating for several
years. Hotmail, or Yahoo, is not going to terminate an account
based on whether or not a specific email is forwarded.
Read more about the
Hotmail Account hoax
Q. I received a very disturbing email petition that claims
somebody is cramming live cats into glass jars to create
"bonsai kittens". Is this true?
A. Don't worry you can safely ignore this petition. Nobody is
making bonsai kittens. Although there is actually a website
that claims to teach people how to create bonsai kittens,
it is intended as a joke.
Read more about the
Bonsai Kittens Email Petition
Q. I received an email that claims that a scammer can take
control of a person's phone by posing as a technician and
asking him or her to key in 90#.
A. No, this is generally considered a hoax, although there
are rare exceptions where the information can be partially
correct. There have been a number of versions of the hoax
set in different parts of the world.
Read more about the
Nine Zero Hash Phone Scam Hoax
Discuss This Story
Virus Report: Weekly Virus Wrap-Up
Yet another variant of the Beagle worm,
W32.Beagle.AR@mm, has
been reported. This worm uses its own SMTP engine to spread and
uses spoofing. The attachment that arrives with infected emails
is a downloader that retrieves the actual worm from an external
source.
The subject of infected emails will be one of the following:
Re:
Re: Hello
Re: Hi
Re: Thank you!
Re: Thanks :)
Top virus threats at the moment are variants of the MyDoom and
Beagle worms. Symantec has removal tools available for these
worms. For more information, follow the links below:
W32.Mydoom@mm Removal Tool
W32.Beagle@mm Removal Tool
Email Worm Spoofing - Spoofing Explained
Internet Worm SMTP Engines Explained
Discuss This Story
A Better way of Answering your Hoax and Scam Enquiries
As each week goes by, I receive an increasing amount of email
enquiries about scams and hoaxes. I am committed to answering all
reader enquiries, and I'm very pleased that, by answering, I am
able to help in some small way to foil scammers and debunk hoaxes.
However, the large amount of email I receive means that I am less
and less able to respond to questions in a timely fashion.
Therefore, from now on, I will be moving away from email replies
and will begin handling all hoax and scam enquiries via the
Hoax-Slayer Forums. Since many enquiries cover the same topics,
your questions may have already been answered in the forums. Also,
forum members will be able to help each other by answering questions
or directing the poster to earlier questions on the subject. Thus,
the forums should provide a faster and more efficient mechanism for
answering your questions.
I am confident that the
forums will prove to be a better vehicle
for responding to your enquiries. To make it easier for people
to ask questions I have configured the "Hoaxes and Scams" section
of the
forums so that registration is not required.
Please note that you can still send scam or hoax examples or
comments that do not require a reply via email.
Discuss This Story
Tip of the Week: Create a "spam" Account
A simple but effective spam-control measure is to create a
secondary, "spam" email account.
A "spam account" (by my definition) is simply a spare email
address that is used on web sites that require you to provide
your email address. Many of these sites are likely to be above
board and will not misuse your email address. Unfortunately
however, there are some that will be unscrupulous enough to send
spam to the email address that you provide and even sell it to
other spammers. Thus, it is advantageous to have a disposable
spam account for online use.
If the spam account starts to attract too much junk email, it can
simply be discarded and a new account can be created. I've found
this to be quite an effective method of spam control. Of course,
this tactic is most effective if you start using a spam account at
the same time you start using your primary account. Once your
email address is on spam lists, it's probably going to stay there.
If your ISP provides extra email addresses as part of your package,
you could set up one of those as your spam account. Otherwise, you
could use a free account such as Hotmail or Yahoo.
Once you are confident that a particular site is unlikely to stoop
to spamming, you can easily update your details so that your primary
email account is used instead of your spam account
Discuss Spam Control Issues
Feedback from Readers and Site Visitors
This week, I have received many enquires regarding the
ShadowCrew.com Terrorist Prank Email.
The article about the fake
Hands of God photograph received a
great number of visitors over the last few days.
I have also received a substantial amount of email concerning
Nigerian Scams,
Lottery Scams and various
phisher scams.
If you have emailed an enquiry and not yet received a reply,
please be patient. I have received a very large amount of email
over the last few weeks and currently have a sizable backlog.
Also, please see the article above about using the forums instead
of email for enquiries.
Once again, thank you very much for all the examples and
comments you have sent.
Discuss This Story
The Hoax_Slayer Newsletter is published by:
Brett M.Christensen
Queensland, Australia
All Rights Reserved
©Brett M. Christensen, 2008
Questions or Comments
