Hotmail chain letter still tops hoax list

Tricksters continue to give security administrators a headache.


It's spam! It's a worm! It's the No. 1 e-mail hoax for nine months running!

Actually, it's the Hotmail chain letter. Millions of Hotmail users have gotten it, continue to get it and will probably keep it clogging up mailboxes for years to come, making it just as disruptive and costly as a genuine virus.

Sophos, an antivirus and antispam software vendor, has begun announcing the top reported hoaxes, as well as viruses, each month. In April, the No. 1 hoax was the Hotmail chain letter, beating out the "Bill Gates fortune" and the "Budweiser frogs screensaver" for most prevalent time-waster on the Internet.

The Hotmail chain letter has been around since at least December 1999. It originally warned recipients that Hotmail was "deleting all inactive users accounts" unless the user would "forward this on to at least 10 registered Hotmail users." Subsequent variations have upped the required number of forwards to 15 and 20, hinted at free new features and targeted Yahoo e-mail and AOL instant messaging customers. All versions feature common misspellings, grammatical errors and odd word choices that Microsoft would be unlikely to send to customers.

These kinds of e-mails are clearly oriented toward unsophisticated users who don't realize that the e-mail host probably knows whether they're using their account or not. If there's no malicious payload, what's the big deal?

Sophos said hoaxes can be just as disruptive and costly as a genuine virus. Other antivirus experts say sometimes they can even be worse. "Hoaxes are worse, because it's very difficult to disprove them if someone believes them in the first place," said Roger Thompson, vice president of product development at PestPatrol in Carlisle, Penn.

The fact that it's a human who's spreading this useless e-mail doesn't make it more benign than malware that finds recipients automatically. Hotmail has more than 60 million users: even if only a tiny percentage fall for this -- a big if -- that's still a lot of people spreading a chain letter, and a lot of unnecessary e-mail seeding the next generation of the unwary.

One countermeasure is to ask employees to consult antihoax Web sites like www.hoax-slayer.com and www.snopes.com. Then maybe we'd all be able to devote more time to contemplating these attractive financial offers from Nigeria.
