This story was originally published on October 25, 2008.
Admit it. Even you, a savvy veteran e-mail user, have fallen for one or more of these Internet rumors. Or, even if you weren't quite sure of the veracity of a particular story or photograph, you e-mailed it to your friends to amuse/warn them, or to see what they thought.
Don't be embarrassed, you're not alone. Despite our increasing technological sophistication, we seem to be as susceptible as ever to people determined to make suckers of us. After all, Internet hoaxes play on our human, not technical, vulnerabilities.
"These hoaxes use social engineering to trick people into doing what they otherwise wouldn't do," said Patrick Runald, chief security advisor for F-Secure, an Internet security firm. Graham Cluley, a senior security analyst with Sophos, a London-based security vendor, agreed. "The most successful hoaxes have been the ones that people had a real compulsion to forward. These things can't travel unless humans participate. And, unlike anti-virus software, we haven't found a way to upgrade the human brain," said Cluley.
A lot of times these hoaxes are based on engendering fear -- such as the virus hoaxes that periodically sweep over the Internet (keep reading). "At other times, they play off people's curiosity or vanity, or even desire to help others. In any case, although some might originate in a sense of lighthearted fun, "many are far from being harmless pranks," said Runald. "They can take a real financial and emotional toll."
Jim Graham, founder of the Web site HoaxBusters.org, which tracks and debunks Internet hoaxes, agrees. "Hoaxes can cause panic, anxiety, and stress to individual recipients," he said. "In the business world, they can lead to lost productivity, take up valuable network bandwidth, and present a serious security issue." Moreover, he said, "to a spammer, the addresses found in forwarded e-mails are like finding gold."
And the line between hoaxes and fraud can be very thin. Often attackers will build on the momentum that an especially widespread hoax has already achieved, said Zulfikar Ramzan, technical director at Symantec, which tracks online attempts to defraud consumers. "What often happens is that someone perpetrates a hoax -- say invents a fake news story -- and attackers take that and piggyback malicious code on top of it," he said. For example, the virus hoax claiming that opening an email with "An E-Card for You" would crash the recipient's computer eventually picked up an actual virus, said Bill Austin, who runs the Web site VirusHoaxBusters.com. "In effect, the hoax becomes the mechanism for the fraud," he said.
How common are Internet hoaxes? David Emery, the Urban Legends guide for About.com, hears about "several hundred a week. I can't begin to cover them all," he said. "It's quite a phenomenon and speaks to the nature of the Internet, about the gullibility of people, who tend to think that because something has been written down, or because there's a photograph, that it must be true."
Just in time for Halloween, InformationWeek interviewed a battery of security experts, Internet folklorists, and hoax watchdog groups to get their take on the most successful Internet hoaxes to date.