Issue 40 - Hoax-Slayer Newsletter
Issue 40: 30th September, 2004
This week in Hoax-Slayer:
FDIC Phishing Scam
The FDIC (Federal Deposit Insurance Corporation) is just one of a
number of institutions that are currently being targeted by
phisher scammers. A recent scam email (see example below)
masquerades as a message from the FDIC that gives details about a
supposed "ATM/Debit/Check Card Protection Program". A link in
the email directed potential victims to a bogus web page designed
to resemble a page on the official FDIC site. The web page
requested sensitive personal information ostensibly to register
for the proposed "protection system". In fact, any information
provided would be acquired by the criminals behind the scam and
would likely be used to commit fraud and/or steal the victim's
identity. The information in the email is false and does not
originate from the FDIC.
It is highly unlikely that the FDIC, or any other legitimate
institution would request financially sensitive information via
email. If you receive such a request, do not reply and do not
click on any links provided. Contact the institution directly if
you have the slightest doubt regarding the veracity of a message.
You should also check the institution's real website, as
information about current phisher scams is often provided.
Read more information about phisher scams
Read more information about FDIC phisher scams
ATM/Debit/Check Card Protection Program
In cooperation with your bank and other major American banks the
FDIC has developed a new anti-fraud screening solution. This is
an effort to prevent the recent surge in credit, debit card fraud
and identity theft.
Discuss This Story
The system is an advanced neural network that scrutinizes card
transactions and ATM withdrawals to deliver a highly accurate
risk score by analyzing the spending behavior of each cardholder
along with the profile of each merchant and ATM. It will try to
detect and stop any suspicious or fraudulent ATM, debit or check
Register with our ATM, debit and check card protection program
and you can use your card to shop online, in a store, or withdraw
money at the ATM, and you'll be fully protected from unauthorized
use of your card or account information. With FDIC's Zero
Liability policy, your liability for unauthorized transactions is
$0-you pay nothing!
All major American banks will implement this system within a near
We continuously receive information from your bank such as your
e-mail, name, address and other personal information. Therefore
the registration process is fast and we probably have most of
your information on file already.
Note that this program only applies to your ATM, debit or check
card - which is linked directly to your checking account, not
Please take a moment and follow the link below to securely
register your card totally free of charge.
Walmart Fire Charity Hoax
Yet another absurd "charity" email is currently circulating. The
email presents the sad, and totally fictional, tale of a
six-year-old girl who was badly burnt in a Walmart fire. It
informs recipients that the child's family needs help to cover
medical expenses. Like similar charity hoaxes
, this one claims
that the email is being tracked and that money will be donated
every time the email is sent to others. In this case, the
company supposedly doing the donating is AOL. While AOL does
indeed direct some funds to charity, it certainly does not base
these donations on how many times a specified email is forwarded.
This hoax began hitting inboxes during 2003 but submissions
indicate that it is currently enjoying a comeback. The absurd
claim that AOL is tracking the email is enough to identify it as
a hoax immediately. Another indication of the email's status as
a hoax is the telling lack of details. The child is identified
only as "Sandy", other family members are not named at all, and
there is no indication of when or where the fire took place.
As stated, a charity campaign based solely on the forwarding
of an email is exceptionally unlikely. However, if such a
campaign did actually take place, verifiable details and
reference information would almost certainly be included in
The concept of individual emails being "tracked" is one shared
by a number of hoaxes. The only way to "track" a message would
be to embed some sort of code in the email and it would have to
be continually forwarded in HTML format for the code to continue
collecting and submitting data. The logistics of tracking an
email that could ultimately be forwarded thousands of times are
clearly problematical at best.
In any case, tracking an email in the way described would raise
all sorts of privacy issues and it is highly unlikely that any
ethical organization would knowingly participate in such a
An example of the hoax email:
A sister and her brother were inside the new Walmart built in
town. The sister at six years of age, the brother seventeen
years of age. The brother was fixing to buy a present for his
little sister on her birthday, but as soon as they were fixing
to leave she had to go to the bathroom. Her brother showed her
where it was, he started to look at some earrings she would
probably like for her next birthday. As he started to buy them
he saw people running from the end of the store screaming and
yelling with fear. Before he new it he smelled smoke and saw
fire, he ran to his little sister as fast as he could but when
he got to the bathrooms they were already on fire. He new he
had to get out as fast as he could to get help. But when the
firetrucks arrived it was already to late. Two days later the
family got a call from the hospital saying they have someone
there by the name of sandy. They asked "How did you get this
number"? The hospital said she was holding a purse in her hand
with a card that said her name and number on it. The family
drove to the hospital to see thier little angel. While they
looked at her, they noticed her arm was almost all the way
burnt off, and her face was so burned it needed surgery. But
the family didnt have enough to cover the bill.
Discuss This Story
So now the need you to help out!
Note: Every time you send this to three people aol will take away
$2.00 off the hospital bill.
DO NOT DELETE! AOL IS TRACKING THIS!
Hoax-Slayer FAQ's (Part Three)
Every week I receive a great many enquiries about scams and
hoaxes. Since many enquiries, and their answers, cover the same
material, I have condensed them into a set of Frequently Asked
Questions. This week I will cover several more email hoaxes that
are very common subjects of enquiries.
Q. I got a message that says that adding [specified email
address] to my MSN Messenger, will infect my computer with a
virus. Is this true?
A. No, you can not be infected by a virus simply by adding a
person to your contact list. This is a common hoax that keeps
reappearing with different contact addresses specified.
Read more about the MSN Contact List Virus Hoax
Q. I received an email that claims that my Hotmail (or Yahoo)
account will be terminated if I don't forward the message.
Could this be true?
A. No, this is an old hoax that has been circulating for several
years. Hotmail, or Yahoo, is not going to terminate an account
based on whether or not a specific email is forwarded.
Read more about the Hotmail Account hoax
Q. I received a very disturbing email petition that claims
somebody is cramming live cats into glass jars to create
"bonsai kittens". Is this true?
A. Don't worry you can safely ignore this petition. Nobody is
making bonsai kittens. Although there is actually a website
that claims to teach people how to create bonsai kittens,
it is intended as a joke.
Read more about the Bonsai Kittens Email Petition
Q. I received an email that claims that a scammer can take
control of a person's phone by posing as a technician and
asking him or her to key in 90#.
A. No, this is generally considered a hoax, although there
are rare exceptions where the information can be partially
correct. There have been a number of versions of the hoax
set in different parts of the world.
Read more about the Nine Zero Hash Phone Scam Hoax
Discuss This Story
Virus Report: Weekly Virus Wrap-Up
Yet another variant of the Beagle worm,
been reported. This worm uses its own SMTP engine to spread and
uses spoofing. The attachment that arrives with infected emails
is a downloader that retrieves the actual worm from an external
The subject of infected emails will be one of the following:
Re: Thank you!
Re: Thanks :)
Top virus threats at the moment are variants of the MyDoom and
Beagle worms. Symantec has removal tools available for these
worms. For more information, follow the links below:
W32.Mydoom@mm Removal Tool
W32.Beagle@mm Removal Tool
Email Worm Spoofing - Spoofing Explained
Internet Worm SMTP Engines Explained
Discuss This Story
A Better way of Answering your Hoax and Scam Enquiries
As each week goes by, I receive an increasing amount of email
enquiries about scams and hoaxes. I am committed to answering all
reader enquiries, and I'm very pleased that, by answering, I am
able to help in some small way to foil scammers and debunk hoaxes.
However, the large amount of email I receive means that I am less
and less able to respond to questions in a timely fashion.
Therefore, from now on, I will be moving away from email replies
and will begin handling all hoax and scam enquiries via the
. Since many enquiries cover the same topics,
your questions may have already been answered in the forums. Also,
forum members will be able to help each other by answering questions
or directing the poster to earlier questions on the subject. Thus,
the forums should provide a faster and more efficient mechanism for
answering your questions.
I am confident that the forums
will prove to be a better vehicle
for responding to your enquiries. To make it easier for people
to ask questions I have configured the "Hoaxes and Scams" section
of the forums
so that registration is not required.
Please note that you can still send scam or hoax examples or
comments that do not require a reply via email.
Discuss This Story
Tip of the Week: Create a "spam" Account
A simple but effective spam-control measure is to create a
secondary, "spam" email account.
A "spam account" (by my definition) is simply a spare email
address that is used on web sites that require you to provide
your email address. Many of these sites are likely to be above
board and will not misuse your email address. Unfortunately
however, there are some that will be unscrupulous enough to send
spam to the email address that you provide and even sell it to
other spammers. Thus, it is advantageous to have a disposable
spam account for online use.
If the spam account starts to attract too much junk email, it can
simply be discarded and a new account can be created. I've found
this to be quite an effective method of spam control. Of course,
this tactic is most effective if you start using a spam account at
the same time you start using your primary account. Once your
email address is on spam lists, it's probably going to stay there.
If your ISP provides extra email addresses as part of your package,
you could set up one of those as your spam account. Otherwise, you
could use a free account such as Hotmail or Yahoo.
Once you are confident that a particular site is unlikely to stoop
to spamming, you can easily update your details so that your primary
email account is used instead of your spam account
Discuss Spam Control Issues
Feedback from Readers and Site Visitors
This week, I have received many enquires regarding the
ShadowCrew.com Terrorist Prank Email
The article about the fake Hands of God photograph
great number of visitors over the last few days.
I have also received a substantial amount of email concerning
, Lottery Scams
and various phisher scams
If you have emailed an enquiry and not yet received a reply,
please be patient. I have received a very large amount of email
over the last few weeks and currently have a sizable backlog.
Also, please see the article above about using the forums instead
of email for enquiries.
Once again, thank you very much for all the examples and
comments you have sent.
Discuss This Story
The Hoax_Slayer Newsletter is published by:
All Rights Reserved
©Brett M. Christensen, 2008
Questions or Comments