Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact

Site Navigation


Issue 44 - Hoax-Slayer Newsletter

Issue 44: 4th November, 2004

This week in Hoax-Slayer:

Hoax-Slayer is a Free Monthly Web-Based Newsletter brought to you by Brett Christensen

The Hoax-Slayer Newsletter keeps you informed about the latest email hoaxes and current Internet scams. Hoax-Slayer also features anti-spam tips, computer security information, pertinent articles and more.

As soon as the newsletter is published each month, subscribers are sent a notification email with a direct link to the latest issue. The Hoax-Slayer Newsletter is absolutely free and you can easily unsubscribe at any time either by following a link in the notification email or visiting the Hoax-Slayer Unsubscribe page.

To get your free subscription, enter your complete email address in the form below and click the "Subscribe" button. Concerned about giving out your email address online? I will never sell or give away your email address, or any other personal information, for any reason what so ever.

Read the Hoax-Slayer Privacy Policy for more information.

Subscribe to the newsletter via RSS feed

Subscription Options in Detail

Breast Cancer Site Email (Not a Hoax)

A fairly regular visitor to inboxes around the world is an email that asks people to visit the Breast Cancer site and click on a button to help pay for mammograms for underprivileged women. Although the email has some of the characteristics of a hoax, the information it contains is true. The Breast Cancer site is real and money paid by site advertisers does indeed go towards providing free mammograms. This is a worthy cause and I would encourage readers to visit the site and click on the "Fund Free Mammograms" button.

From the site FAQ:
The Breast Cancer Site ( is an online activism site that gives Internet users a free and easy way to help reduce the number of mothers, sisters, daughters and friends lost to breast cancer. In seconds, visitors to The Breast Cancer Site can click on the "Fund Free Mammograms" button and, at no cost to them, help fund a free mammogram for an underprivileged woman. Mammography is one the best-known methods of early detection of breast cancer, and early detection is the key to survival and better treatment options. Provision of free mammograms is carried out through the National Breast Cancer Foundation and paid for by The Breast Cancer Site's sponsors. The Breast Cancer Site was founded on October 23, 2000.

An example of the email message:
Subject: Breast Cancer Site

I know you are busy but....
A Favor to Ask
It only takes a minute....

Please tell ten friends to tell ten today! The Breast Cancer site is having trouble getting enough people to click on it daily to meet their quota of donating at least one free mammogram a day to an underprivileged woman .

It takes less than a minute to go to their site and click on "donating a mammogram" for free (pink window in the middle).

This doesn't cost you a thing.

Their corporate sponsors/advertisers use the number of daily visits to donate mammogram in exchange for advertising.

Here's the web site! Pass it along to people you know.

Discuss This Story


PayPal Phisher Scam Email

A number of phisher scam emails have been targeting the online payment company, PayPal over the last week or so. I have received several identical scam messages to different Hoax-Slayer email accounts with the subject line "PayPal Very Important Warning". An example of the scam email is included below.

The scam email is cleverly formatted to closely resemble an official PayPal message and includes PayPal logos and links that lead to real PayPal and eBay web pages. However, the account log-in link in the bogus email leads to a fraudulent website that is virtually identical to the real PayPal log-in page. Links and buttons on the fake website also lead to real PayPal web pages in an effort to further convince victims that the page is genuine.

During my investigation of the scam example I have included below, I logged on to the fake site using a made up user name and password. I was then presented with a web form that requested information such as credit card details, address details, social security number, bank account numbers and more. Information submitted via this form will be sent directly to the scammers.

Even though I provided an invalid user-name and password, the fake site still "let me in" and requested sensitive information. Neither the fake log-in page nor the web form itself were secure. That is, they did not have "https://" in the web address and the lock icon was not present in the web browser status bar. If a user entered invalid log-in details into the real PayPal sign-in page an error message would result. Also, the real sign-in page and any form that you were required to fill out would definitely be secure pages on the legitimate PayPal site

At this point I would like to stress that clicking on the links in scam emails is an unacceptable security risk that should be avoided. Sometimes, clicking such links can open a webpage that allows a malicious program such as a Trojan to be downloaded to your system. I accessed and examined the bogus website under controlled conditions so that I could offer a more detailed analysis of this phisher scam. Normally, the best course of action if you receive a phisher scam email is to delete the message or forward it to the company targeted, without clicking any of the links provided.

I have noticed that phisher scams have become increasingly sophisticated over the last year or so. Earlier phisher scam emails could often be easily identified by poor presentation, spelling and grammar. However, it seems that the scammers have effectively honed their skills in what has proven to be an exceptionally lucrative enterprise for them. As this PayPal example illustrates, newer phisher scam emails are near clones of the real thing and it is not surprising that they continue to gain new victims every day.

Any unsolicited email that advises you to click on a link and provide sensitive information on a web page should be treated as a possible phisher scam. It is highly unlikely that any legitimate company would use such a method.

More information about phisher scams

Notification of Limited Account Access
Dear Customer,

PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.

Recently, our Account Review Team identified some unusual activity in your account. In accordance with PayPal's User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved. This is a fraud prevention measure meant to ensure that your account is not compromised.

In order to secure your account and quickly restore full access, we may require some specific information from you for the following reason: A recent review of your account determined that we require some additional information from you in order to provide you with secure service.

Case ID Number: PP-051-384-664

We encourage you to log in and restore full access as soon as possible. Should access to your account remain limited for an extended period of time, it may result in further limitations on the use of your account or may result in eventual account closure.

click the link below and enter your Case ID Number on the following page to access your account. Click here to access your account

Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience.

PayPal Account Review Department Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here. []

PayPal Email ID PP468


Virus Report: Weekly Virus Wrap-Up

The list below represents some of the most significant new virus threats identified by Symantec Security Response over the last few days.

Several variants of the Beagle worm have been spreading. Symantec has given one of these, W32.Beagle.AV@mm, a threat severity assessment level of 3 out of 5. This worm spreads via email and file sharing networks. The "From" field of infected emails will be spoofed and the subject will be one of the following:
* Re:
* Re: Hello
* Re: Hi
* Re: Thank you!
* Re: Thanks :)

A removal tool for the Beagle worm is available.

VBS.Yeno.C@mm is worm that sends itself to email address harvested from the Microsoft Outlook address book. Infected emails will have the following subject line and body.

Fw: I give you again

Email Body:
Spidey has give you some password of xxx site (cute) Spidey

Another variant, VBS.Yeno.B@mm, has very similar characteristics.

Internet Worm SMTP Engines Explained
Email Worm Spoofing - Spoofing Explained

Discuss This Story


Mobile Phone Virus Hoax

Variants of this hoax have been circulating since 1999. The information in the email is completely untrue and has certainly not been "confirmed by both Motorola and Nokia". If a virus had really destroyed the mobile phones of 3 million US users it would be a major news story around the world. There is nothing on the CNN site about this virus nor does a search of Google News reveal any articles that confirm the story.

However, there are legitimate news articles about a real mobile phone virus that was discovered back in June 2004. This worm, dubbed "Cabir" is basically a "proof of concept" virus and does little damage. reports that the first outbreak of this virus "in the wild" occurred in Singapore in early October. Although Cabir is virtually harmless, it does indicate that mobile phone virus attacks are possible and may become a significant threat in the future. News of Cabir may also be giving new life to this old mobile phone virus hoax.

The "warning" should be deleted without forwarding. Any "virus warnings" received via a forwarded email should not be taken at face value. Always take the time to confirm the information at a reputable anti-virus website.

Subject: FW: URGENT message for mobile phone users!!!

URGENT message for mobile phone users!!!Please be careful and mindful! All mobile users pay attention if you receive a phone call and your mobile phone displays ( ACE ) on the screen don't answer the call. END THE CALL IMMEDIATELY if you answer the call, your phone will be infected by a virus. This virus will erase all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network.

You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia. There are over 3 Million mobile phones being infected by this virus in USA now. you can also check this news in the CNN web site.


Discuss This Story


Thunderbird Email and News Client

If you are looking for a sleek, efficient and safer alternative to Outlook Express, then you might like to check out the Mozilla Thunderbird email and news client. Thunderbird has a user friendly and elegant interface and Outlook Express users should have little trouble making the transition.

Thunderbird has an excellent built-in spam filter that makes handling junk mail very simple. It is also safer and more secure than some other email clients. Thunderbird will not allow email worms to execute automatically. Also, it will not allow script code to be run just by opening a message unless you have specifically configured it to do so.

It offers support for multiple accounts, an excellent built in spell-checker, a number of ways to sort your mail and many more features. Another plus is that Thunderbird is a cross-platform application that is available for Windows, Linux and Macintosh operating systems.

I have now been using Thunderbird for several weeks and it has proven to be quite stable on my Windows XP system. And, by the way, Thunderbird is completely free!

Find out more about Thunderbird
Why You Should Use the Mozilla Thunderbird E-mail Program.

Have you say about Thunderbird


The Hoax_Slayer Newsletter is published by:
Brett M.Christensen
Queensland, Australia
All Rights Reserved
©Brett M. Christensen, 2008