How to Identify a Hoax

There are several methods to identify virus hoaxes, but first consider what makes a successful hoax on the Internet. There are two known factors that make a successful virus hoax, they are: (1) technical sounding language, and (2) credibility by association. If the warning uses the proper technical jargon, most individuals, including technologically savy individuals, tend to believe the warning is real. For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage.

When we say credibility by association we are referring to whom sent the warning. If the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestige of the company backs the warning, making it appear real. If a manager at the company sends the warning, the message is doubly backed by the company's and the manager's reputations.

Individuals should also be especially alert if the warning urges you to pass it on to your friends. This should raise a red flag that the warning may be a hoax. Another flag to watch for is when the warning indicates that it is a Federal Communication Commission (FCC) warning. According to the FCC, they have not and never will disseminate warnings on viruses. It is not part of their job.

CIAC recommends that you DO NOT circulate virus warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator or a computer incident advisory team. Real warnings about viruses and other network problems are issued by different response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending team using PGP. If you download a warning from a teams web site or validate the PGP signature, you can usually be assured that the warning is real. Warnings without the name of the person sending the original notice, or warnings with names, addresses and phone numbers that do not actually exist are probably hoaxes.

The contents of all pages [and other material] on our site are copyright Martin Overton 1997-2007, or other stated author. All rights are reserved.
Reproduction, transfer, distribution or storage of part, or all of the contents in any form without the prior written permission of Martin Overton or the Copyright owner is prohibited.