Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 41 - Hoax-Slayer Newsletter

Issue 41: 14th October, 2004

This week in Hoax-Slayer:
Read Previous Issues

HIV Infected Blood in the Ketchup Hoax

Like many other hoax messages, this email forward warns of a sickening and unusual danger lurking among the commonplace items and places of our daily lives. In this case, the supposed danger is HIV infected blood mixed with ketchup in a fast food outlet.

As is often the case with such bogus warnings, the details in the email are extremely vague. The alleged perpetrator is identified only as "a man", and the type and location of the fast food outlet is omitted completely. The message does not indicate if the person has actually been apprehended or is still apt to be lurking around the condiments in your local burger joint, with deadly blood specimens at the ready. Thus, there is no way of verifying the information contained in the email, which, I dare say, was how the creator of the hoax intended it.

There does not appear to be any mention of such a case in the mainstream media. If it were true, such a story would be eminently newsworthy. It is highly unlikely that such a juicy little tale would be left to spread via email alone if there were any truth in it whatsoever. Legitimate news outlets would have been quick to cover the story. By asking recipients to send the message to "as many people as possible" the email implies that adding HIV infected blood to ketchup dispensers might be a frequent occurrence. If this were really the case, health authority containment strategies would almost certainly have been implemented to protect consumers and, again, the case would have attracted extensive publicity.

It also should be noted that the chances of a person contacting HIV by ingesting infected blood mixed with ketchup are extremely remote. According to the Centers for Disease Control & Prevention (CDC), "Scientists and medical authorities agree that HIV does not survive well outside the body, making the possibility of environmental transmission remote." The article explains that the virus cannot reproduce outside a living host except under laboratory conditions. Thus, even if infected blood was added to ketchup, the virus would not survive for long, nor would it reproduce itself. This hoax is by no means the first to claim that innocent victims are at risk of being infected by HIV via the malicious placement of infected material. The long-lived, and widespread, HIV needle hoax falsely warns that HIV infected needles are being deliberately left on theatre seats, petrol (gas) pump handles and phone-booth coin returns.

Like other hoaxes, such as the roach eggs hoax, this infected blood in the ketchup hoax relies for effect on the revulsion factor. The thought of consuming HIV infected human blood would be enough to put even the most ardent fast food lover off his or her burger and fries. So perhaps this ridiculous piece of email nonsense has just a smidgin of value. Perhaps, after receiving this email, some will forgo their usual deep-fried artery-clogger and opt for a garden salad instead. Mind you, do you really know what's in that salad dressing?(grin)

An example of the hoax email:

This is something you may want to take note of: ONLY USE KETCHUP FROM THE PACKET IN FAST FOOD OUTLETS!!

A man was caught placing blood in the ketchup dispenser at a fast food outlet (to remain unnamed) within the last month. It is believed that he is HIV+.

So be sure to let your friends/family know...only use items that come in a closed packet.

Discuss This Story


Mortgage Spam on the Rise

One of the most common types of unsolicited email hitting inboxes at the moment is that promoting mortgage services. Many of the emails imply that the recipient has already been approved for a loan by making a vague statement such as "we are accepting your mortgage application". These emails are basically just poorly implemented tricks to get recipients to click on the link provided and fill out a form. Gullible recipients may believe that they are actually being offered a loan.

A lot of the sites seem to only last a few days before they are taken down. A great deal of personal information has to be entered into the form. This information could then be used for nefarious purposes such as highly targeted spamming via email, surface mail and telemarketing. The information could also be sold to other spammers. If enough information is provided, scammers might even be able to steal the person's identity. The spam linked "mortgage application" sites I've examined look very suspect to me. Often they consist of just one page containing a form. There is no Privacy Policy or legal document, no information about the company offering the service and no contact options other than the form provided. Often,the form is not secure, which is a good indication that the site is not legitimate. No credible company would expect potential clients to submit information via an unsecured form. A Washington Post article reports that the US based Federal Trade Commission (FTC) took legal action against one online entity, 30 Minute Mortgage Inc, "that had advertised 3.95 percent, 30-year mortgages, hoping to obtain sensitive information, including Social Security numbers, from consumers for resale."

Some of the companies advertised in mortgage spam might actually be providing some form of mortgage related services rather than just trying to harvest personal information. Often these companies offer pay-per-lead affiliate programs. That is, people can sign up as affiliates and every time somebody clicks their special link and fills in a form, they receive a commission. This sort of affiliate program can be a perfectly legitimate means of doing business so long as it does not involve spamming or other under-hand tactics. Legitimate companies that offer pay-per-lead affiliate programs will not tolerate spamming and affiliates who do so will have their contracts terminated. In fact, some quite legitimate mortgage companies such as offer affiliate programs, but they have strict anti-spam policies outlined in their affiliate operating agreements.

My personal policy is to never deal with spammers, regardless of how attractive their offer may seem. If they are unscrupulous enough to send unsolicited email, or allow their affiliates to send unsolicited email, then they have immediately proven themselves to be untrustworthy and they will never get my business.

Subject: Re: Submission

Important Information: (Application Confirmation)

We are glad to inform you that we recieved your application request on Thursday, however, before we can pre-approve you at one low fixed rate. We need for you to take a moment to confirm/update any information as needed. Once reviewing your application the process will not take any longer than 24 hours, you will be contacted shortly with up to four lenders offers.

Secure Application [LINK REMOVED]

You are recieving this because you or someone sent a request. If you feel you recieved this based on an error or did not request we sincerely apoligze for any inconvenience this may of caused you.

Discuss This Story


MSN Shutdown Hoax

Another apparently unfounded rumour that targets MSN is currently circulating. The email claims that MSN "will shut down at 12:00 tonight" and will remain shutdown for a "week or so". The message doesn't specify a date, which means that the deliberately vague timeframe of "tonight" will still appear valid to the unwary regardless of what date they actually receive it. In fact, this hoax will probably mutate and keep on making the rounds for months to come.

There is nothing on the MSN home page about any scheduled shutdown. In the highly unlikely event that MSN was actually going to shut down for a week, I'm sure that they would let their clients know about it via their home page or other means. Furthermore, any notification sent by MSN about the shutdown would certainly be a lot more formal and informative then the silly message quoted below.

This hoax is similar to the long running Hotmail Account Hoax, which claims that the recipient's Hotmail account will be shutdown if the message is not forwarded. Like the Hotmail hoax, this one should be deleted rather than forwarded.

we are very sorry for the problems that MSN are having but they will be fixed. MSN will shut down at 12:00 tonight for a week or so until we can figure out what has been going on. please send this once again to at least 25 people it doesn't matter if they are the same people just do it so that we will not shut your account down thank you

Discuss This Story


Virus Report: Weekly Virus Wrap-Up

The list below represents some of the most significant new virus threats identified by Symantec Security Response over the last few days.

A new worm known as W32.Funner is spreading via the Microsoft Windows Messenger application. The worm modifies the hosts file by adding a number of entries that point to external IP addresses.

W32.Fili.A@mm is a worm that spreads using Microsoft Outlook, peer-to-peer file sharing networks and mIRC. Infected emails will have one of the following subject lines:

Important legal notice!
Please help us to save the right of freedom of expression!
Please help us be free! We need the basic right of expression

W32.Bagz@mm is a worm that collects email addresses from the infected computer and uses it own SMTP engine to spread. The "From" field of the infected email will be spoofed. The subject line of the infected email will be one of the following.

Re: User ID Update
Fwd: Your Funds are Eligible for Withdrawal
find a solution with this customer
No Subject
Re: Help Desk Registration
failure notice
Fwd: Password
when should i call you?
RE: Re: A question
Knowledge Base Article
Open Invoices
Returned mail: see transcript for details
building maintenance
[Fwd: Broken link]
troubles are back again
Order Approval
units available
progress news
big announcements
Need help pls
You have recieved an eCard!
What is this ????
Deactivation Notice
Message recieved, please confirm
My funny stories
Cost Inquiry
Re: payment
Webmail Invite
RE: quote request

Discuss Virus and Security Issues


Lottery Scams Continue

Every week I receive dozens of lottery scam emails, either as submitted examples or directly from the scammers. I also receive many enquiries from people who have already lost money to lottery scams or are concerned because they have submitted information to the scammers.

Basically, these scams work like this:

You receive an unsolicited email, letter or fax, which states that you have won a major prize in an international lottery. Supposedly, your email address was collected online and attached to a random number that was subsequently entered in a draw for the lottery. In order to claim your prize, you are instructed to contact the official "agent" in charge of your case. You are also advised to keep the win confidential for "security reasons". This part of the scam is basically a random phishing expedition. If you respond in any way to the email, the scammers will send further messages or even contact you by phone in an attempt to draw you deeper into the scam.

You may be asked to provide banking details, ostensibly to facilitate the transfer of your winnings. Sooner or later, the scammers will request some sort of advance fee supposedly to cover administration, legal or delivery costs. This request for money is the main purpose of the scam. At its core, this scam is just a reworking of the Nigerian loan fraud, in which scammers also eventually ask for upfront fees to facilitate the "deal". Like Nigerian scams, victims who do actually pay the requested fees will probably find that they receive continuing payment demands to cover "unexpected expenses". The requests for money will go on until the victim realizes what is happening or has no further money to send.

The details of the lottery scams vary regularly with regard to the name of the lottery itself, the country of origin, the sponsoring organization, the amount of the "prize" and other particulars. The scammers try to add a patina of legitimacy to their claims by mentioning real financial institutions, government departments or well-known companies. They may also provide links to slick looking, but fraudulent websites that are designed to back up information included in the scam emails. If the scammers are successful in establishing a dialogue with a potential victim, they may provide "proof" such as a scanned image of a supposed government official's ID and even photographs of the "winnings" in cash.

If you receive one of these scam emails, it is important that you do not respond to it in any way. The scammers are likely to act upon any response from those they see as potential victims. Sometimes, recipients submit a great deal of personal information before realizing that they are being conned. Even if they stop responding and have not sent any money, the scammers may have already gained enough personal information to commit identity theft.

Read more information about Lottery Scams

A current example of a lottery scam email is included below:


Dear Sir/Madam, We are pleased to inform you of the result of the winners in our International Lottery Program held on the 30th of Aug, 2004. Your e-mail address attached to ticket number 27522465896-6453 with serial number 3772-554 drew lucky numbers 7-14-18-31-45 which consequently won in the 2ND category, you have therefore been approved for a lump sum pay out of 750,000 EUROS (seven hundred and fifty thousand Euros) CONGRATULATIONS! Due to mix up of some numbers and names, we ask that you keep your winning information confidential until your claims have been fully processed and your money Remitted to you. This is part of our security protocol to avoid multiple claims and unwarranted abuse of this program by some participants. All participants were selected through a computer ballot system drawn from over 20,000 company and 30,000,000 individual email addresses and names from all over the world. This promotional program takes place every five years. This lottery was promoted and sponsored by a conglome rate of some multinational companies in europe as part of their social responsibility to the citizens in the communities where they have operational base. We hope with part of your winnings you will take part in our next year Ten million Euros international lottery. To file for your claim, please contact our fiducial agent: Godson Cook Reply Email Remember all winning must be claimed not later than 25th of oct 2004. After this date all unclaimed funds will be included in the next stake. Please note in order to avoid unnecessary delays and complications, remember to quote your reference number and batch numbers in all correspondence. Furthermore should there be any change of address do inform our agent as soon as possible. Congratulations once more from our members of staff and thank you for being part of our promotional program. Note: Anybody under the age of 18 is automatically disqualified. Yours Sincerely, Daniel Brickfield International Lottery (co-ordinator) N.B: Any breach of confidentiality on the part of the winners will result to disqualification. Please do not reply to this mail. Contact your claims agent

Discuss This Story


Clever and Interesting Webpage

I have recently exchanged links with a site that I feel is exceptionally clever and unusual so I thought I would mention it here. It is very amusing and well worth a visit.

Site description:
What will shopping be like in the fourth millennium? What will be available for the well appointed home? Aurelio O'Brien uses his skills as an animator to help us imagine just such a future with this amusing spoof of on-line shopping.

You can access the site via the link below:

Discuss This Story


Hosting Problems now Resolved

Over the last two weeks I have experienced significant technical problems with my hosting account. The problems mean that email sent to my Hoax-Slayer accounts may have been lost, and site visitors may have encountered a number of "Page not found" errors.

These problems were beyond my control, as they had to be dealt with by the hosting company. The problems have now been resolved, at least in the short term.

If you have sent email to me within the last two weeks, please note that I may not have received it, so you might like to repost your message. I regret any inconvenience these problems may have caused you.

Also, just a reminder that the Hoax-Slayer Forums are the best place to ask scam and hoax related questions.

Discuss This Story


The Hoax_Slayer Newsletter is published by:
Brett M.Christensen
Queensland, Australia
All Rights Reserved
©Brett M. Christensen, 2008
Questions or Comments