If you have been using e-mail for more than a few weeks, perhaps you have received an e-mail message like the following:
If you receive an e-mail entitled “Bedtimes” delete it IMMEDIATELY. Do not open it. Apparently this one is pretty nasty. It will not only erase everything on your hard drive, but it will also delete anything on disks within 20 feet of your computer.
It demagnetizes the strips on ALL of your credit cards. It reprograms your ATM access code and screws up the tracking on your VCR and uses subspace field harmonics to scratch any CDs you attempt to play. It will program your phone auto dial to call only 900 numbers. This virus will mix antifreeze into your fish tank. IT WILL CAUSE YOUR TOILET TO FLUSH WHILE YOU ARE SHOWERING.
It will drink ALL your beer. FOR GOD’S SAKE, ARE YOU LISTENING?? It will leave dirty underwear on the coffee table when you are expecting company! It will replace your shampoo with Nair and your Nair with Rogaine.
If the “Bedtimes” message is opened in a Windows 95/98 environment, it will leave the toilet seat up and leave your hair dryer plugged in dangerously close to a full bathtub. It will not only remove the forbidden tags from your mattresses and pillows, it will also refill your Skim milk with whole milk.
******* WARN AS MANY PEOPLE AS YOU CAN.
Send to everyone.
The preceding is actually a hoax of a hoax.There is no shortage of hoax e-mail topics, though. Maybe you’ve heard the one about how Bill Gates is beta testing some secret new e-mail tracking program and will pay you for every address you forward the message to? Or maybe you got the inside tip about the $200 Nieman Marcus cookie recipe?
Any message that implores you to send it to your entire address book or bad luck will befall you and your computer will suffer a catastrophic meltdown is, by definition, a hoax. Just to make sure we’ve covered all of the bases, here are a few more of the most popular chain letter e-mail hoaxes that you can simply delete and save the rest of us from having to read them yet again:
■ There is no baby food manufacturer issuing checks as a result of a class action law suit.
■ Disney is not offering any free vacation for your help in sending their e-mail to everyone you know.
■ MTV is not offering backstage passes to anyone who forwards the message to the most people.
■ There is no kidney theft ring and people are not waking up in a bathtub full of ice with their kidney mysteriously removed.
■ There is no bill pending in Congress to implement a tax on your Internet usage.
The list goes on and on (and on and on) of hoax e-mail chain letters. Some of them have been traveling the globe for years. Small details may change here and there and then off they go around the Internet again.The majority do no harm other than to waste network bandwidth and people’s time. One particularly tenacious one causes some minor damage.
The Teddy Bear or JDBGMGR hoax has been around for awhile.The message comes from a friend of a friend to let you know that you may in fact be infected with this dreaded teddy bear virus.There are many variations of the message, but the gist of it reads as follows:
Hi, everybody: I just received a message today from one of my friends in my Address Book. Their Address Book had been infected by a virus and it was passed on to my computer. My Address Book, in turn, has been infected.
The virus is called jdbgmgr.exe and it propagates automatically through Messenger and through the address book. The virus is not detected by McAfee or Norton and it stays dormant for 14 days before it wipes out the whole system. It can be deleted before it erases your computer files. To delete it, you just have to do the following.
It then goes on to let you know exactly where you can find this insidious file. Lo and behold, there really IS a file there with a teddy bear icon.The catch with this hoax is that the jdbgmgr.exe file with the teddy bear icon is a standard file that is installed with many versions of the Microsoft Windows operating system, not an infected virus file.
Inevitably, someone will receive this message and feel compelled to share the information as quickly as possible with everyone they know. One or two of those people will also fall for this hoax and propagate it to their entire address book, and so the domino effect continues.
Here are some things to look for and some precautions to take to try to keep yourself from falling prey to one of these hoaxes and continuing to perpetuate this insanity. First of all, if there are more than ten e-mail addresses in the To: or CC: fields you might want to question it. People don’t generally send legitimate messages to such a broad range of addresses.
If the actual message is five levels down because it’s a forward of a forward of a forwarded message, it is most likely some form of hoax or chain letter e-mail. If it implores you to forward it quickly or send it to everyone you know, it is most like a hoax or chain letter e-mail. Even if it claims that the information has been authenticated or validated with a reputable source it does not mean that it has. In fact, the simple statement claiming that it has been verified with a reputable source is reason to believe that it has not and also suggests that there is a good likelihood that the message is a hoax or chain letter e-mail.
It is fairly safe to assume that you will never receive a legitimate e-mail message that you actually need to forward to everyone you know. If you ever have any doubts about a message, check it out in one of the many hoax databases like Snopes (www.snopes.com) or the About.com Antivirus Hoax Encyclopedia (http://antivirus.about.com/library/blenhoax.htm) or at an antivirus vendor Web site like McAfee (http://vil.nai.com/vil/hoaxes.asp). Even if you don’t find it on one of these hoax reference sites, you should send it to your network administrator or the tech support or customer service from your ISP rather than to the world as you know it.
A phishing scam is a different and more malicious form of e-mail scam. Phishing, an adaptation of the word “fishing,” involves sending an e-mail out to a large number of addresses with some bait and seeing how many naïve users you can hook.Typically, the goal of a phishing scam is to acquire usernames and passwords to financial sites such as banking institutions or PayPal in order to get into the accounts and remove the money from them.
Phishing scams are often very sophisticated, with a very professional look and feel designed to mimic the real institution being targeted. In early 2004, the Gartner Group reported a significant spike in phishing scams. By Gartner estimates the number of people who have been victimized by phishing scams is approaching the two million mark.
A phishing scam usually involves creating an elaborate replica of the target company’s Web site. Past phishing scams have involved companies like Best Buy,AOL, EBay, PayPal, and Citigroup. An e-mail is then sent out to millions of users designed to look as if it is from the targeted company and using some form of social engineering to convince the user to click on a link that will take them to the malicious replica site. Users may be asked to enter information such as their username, password, account number, and other personal or confidential information. After the attackers have gathered this information, they can then access your account and move or redirect your money to their own account.
Typically, users end up protected and the company or financial institution takes the loss for any money that victims of the phishing scams might lose.There have been suggestions though that perhaps users should just know better or have more common sense and that, in effect, the attacker didn’t “steal” anything because the user volunteered the information and gave them the keys to the vault.
It can be very difficult to detect a phishing scam. Both the e-mail bait and the replica Web site are generally very professionally done.The best bet to protect yourself is to remember that no reputable company will ask you to give them your username and password or other confidential and personal information on a Web site.
Under no circumstances should you use the link within the e-mail to connect to the company’s Web site. One of the prevailing suggestions for handling phishing scams is to tell users that if they receive an e-mail that they are not sure about, they should close the e-mail and visit the company Web site on their own and figure out how to contact customer service for that company for more information.
This advice falls a little short though. Not only should you not use the link in the e-mail, but you should completely shut down your e-mail client program and close all Web browser windows.The attacker may have somehow executed a script or performed some other malicious magic that might redirect you to a replica site.
After you have completely shut down your e-mail client and closed all browser windows, you can then open a new browser window and visit the Web site of the company in question.
