Hotmail chain letter still tops hoax list

By Edmund X. DeJesus, Contributing Writer 06 May 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

It's spam! It's a worm! It's the No. 1 e-mail hoax for nine months running!

Actually, it's the Hotmail chain letter. Millions of Hotmail users have gotten it, continue to get it and will probably keep it clogging up mailboxes for years to come, making it just as disruptive and costly as a genuine virus.

Sophos, an antivirus and antispam software vendor, has begun announcing the top reported hoaxes, as well as viruses, each month. In April, the No. 1 hoax was the Hotmail chain letter, beating out the "Bill Gates fortune" and the "Budweiser frogs screensaver" for most prevalent time-waster on the Internet.

The Hotmail chain letter has been around since at least December 1999. It originally warned recipients that Hotmail was "deleting all inactive users accounts" unless the user would "forward this on to at least 10 registered Hotmail users." Subsequent variations have upped the required number of forwards to 15 and 20, hinted at free new features and targeted Yahoo e-mail and AOL instant messaging customers. All versions feature common misspellings, grammatical errors and odd word choices that Microsoft would be unlikely to send to customers.

These kinds of e-mails are clearly oriented toward unsophisticated users who don't realize that the e-mail host probably knows whether they're using their account or not. If there's no malicious payload, what's the big deal?

Sophos said hoaxes can be just as disruptive and costly as a genuine virus. Other antivirus experts say sometimes they can even be worse. "Hoaxes are worse, because it's very difficult to disprove them if someone believes them in the first place," said Roger Thompson, vice president of product development at PestPatrol in Carlisle, Penn.

The fact that it's a human who's spreading this useless e-mail doesn't make it more benign than malware that finds recipients automatically. Hotmail has more than 60 million users: even if only a tiny percentage fall for this -- a big if -- that's still a lot of people spreading a chain letter, and a lot of unnecessary e-mail seeding the next generation of the unwary.

One countermeasure is to ask employees to consult antihoax Web sites like www.hoax-slayer.com and www.snopes.com. Then may we'd all be able to devote more time to contemplating these attractive financial offers from Nigeria.

Tags: Security Awareness Training and Internal Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Awareness Training and Internal Threats Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Secure your remote users in 2010 Layoffs prompt insider threat fears, cybersecurity survey finds How to use Internet security threat reports Creating a HIPAA employee training program Successful rogue antivirus hinges on social engineering External attacks start with unintentional mistakes, survey finds Security technologies fail to address insider threat management Data breach avoidance begins with security basics, panel says

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary dumpster diving  (SearchSecurity.com) Honeynet Project  (SearchSecurity.com) insider threat  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) pretexting  (SearchCIO.com) shoulder surfing  (SearchSecurity.com) single-factor authentication (SFA)  (SearchSecurity.com) social engineering  (SearchSecurity.com) Total Information Awareness  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary