Hoaxes – CompTIA Security+ SY0-501 – 1.2

A fake attack can consume as many resources as a legitimate security breach. In this video, you’ll learn about hoaxes and how they can fool your users out of their money and data.



In IT security, we tend to spend a lot of time dealing with hoaxes. These are security threats that seem like they could exist but in fact are not real at all. But they consume a lot of time. You’re opening tickets, you’re checking someone’s machine. You’re looking at email messages that have been forwarded to you.

That’s a lot of wasted time over something that ultimately doesn’t exist. These hoaxes come to us in many different ways. It might be sent to us over an email. We might see a posting on Facebook or LinkedIn. Or we could see a tweet that has something in it that doesn’t seem quite right.

Sometimes, these hoaxes are designed to take your money. They’re warning you of a problem, and you need to pay so that this problem will go away. This is something that you have to be very particular about, because the bad guys have gotten very good at making these hoaxes look very, very real.

Sometimes, hoaxes about a virus can waste as much time as dealing with an actual virus. So be very careful of what you’re seeing on the screen, and if you aren’t quite certain, get someone else involved for a second opinion on exactly what you’re seeing.

Here is a hoax that’s been around for perhaps longer than the internet. Bill Gates is sharing his fortune. If you forward this email, Microsoft can and will track it. Perhaps that’s true or not true. But what they’re saying is that Microsoft will pay you $245 for every person you send it to, and for every person who forwards it on, Microsoft will pay you $243. Where are they getting these numbers from?

Obviously, this is not real. Although Bill Gates is sharing his fortune in many ways, he’s not sharing it with you, and certainly not sharing it based on how many people receive this email message.

Here’s a more recent version of a hoax. This is one where someone goes to a website and suddenly a message pops up on the screen: “Warning. System may have detected viruses on your computer.” Already, we can see something not quite right with the grammar. “System may have found two malicious viruses,” and they list out the viruses. “Your personal and financial information may not be safe.” But thankfully, there’s a phone number we can call where someone can get on the phone with us, remotely connect to our computer, and then charge us for removing a virus that never existed on the machine to begin with.

Rule number one on the internet is not to believe anything you see. So you want to be very careful about these messages and e-mails that pop up. Two good sites to cross-reference some of these hoaxes might be hoaxslayer.net or Snopes.com. You can take the hoax, put a search into those web sites, and see if anybody else is seeing the same hoax on their machine.

Spam filters can help, especially these days, when you have cloud spam filters where other people who have already received this email can mark it as something that is malicious. By the time it gets to you, it’s already been filtered out. And of course, if it sounds too good to be true that Bill Gates has suddenly decided to pay me for sending e-mails, then obviously it’s probably a hoax. Make sure you’re checking your email messages and the things you’re seeing in your browser, and that you are not falling for any of these hoaxes.