Hoaxes – CompTIA Security+ SY0-401: 3.3

We spend a lot of time and resources dealing with electronic hoaxes. In this video, you’ll learn about hoaxes and some resources that you can use to research suspicious email hoaxes.

<< Previous Video: ImpersonationNext: Whaling >>

Hoaxes are messages that are presented to us. They’re emails that we see that look like they could absolutely be real. And maybe they are something that tells us that we’re going to be getting money. Maybe they are a hoax that says there’s a particular virus or worm or security concern we should be aware of. But it’s not actually real.

And because of that, it can consume a lot of resources. Usually, it’s hitting something very particular about an organization. If you’re running Windows, here’s something you need to be aware of because everybody’s going to be attacked by this worm. When in reality, this worm doesn’t exist. There’s not a vulnerability associated with it.

And we get it through emails. And people will see the email and forward the email to the people they know who will forward the email to people they know. They’ll print it out. They’ll put it on boards in the organization.

They waste time. They waste resources. When we really could be doing something else to help really protect our systems and our environments.

And we’ll see this come in as an email. These days they come in as a tweet, as a Facebook post. They’re now– any way that we can see information coming in, we can see this pop up on these messages.

And these Facebook posts and tweets bring a personal level to this. With social engineering, we trust our friends. And if our friends are telling us about the hoax, well, then it must be really. It can’t possibly be fake.

Some hoaxes will take money. It’s not just a security concern. They’re telling you to send information and money right now to solve a problem, to get money brought into the states, to help somebody who’s stranded overseas. Maybe they’re hitting you through Facebook so you think this hoax is something you should be giving up your credit card information and wiring money across the pond. And in reality, it’s all a big hoax.

If this is something that is a big hoax that really hits people on a particular nerve, it could be a hoax about a virus that ends up spending a lot more time than an actual virus might be. So we have to combat this all the time and make sure people understand that when they get an email, they have to verify this information.

Hoaxes about viruses are not viruses. We shouldn’t be too concerned about that. The security people have ways to double check if the virus is actually a legitimate concern and have ways in place to prevent that virus from hitting our organization.

In fact, if you see an email come through that starts with, this is not a junk letter, well, then it’s probably a junk letter. It’s probably not real at all, especially when it tells me that Bill Gates is sharing his fortune and all I have to do is forward this email to friends and I’m just going to get a check from Bill Gates. What could be easier? Let me forward the email around.

That’s a very benign type of hoax, but it’s one that causes people to read it, waste time on it, forward it to other people, and it gets forwarded to other people and it sits in an inbox and takes up disk space and we have to back it up and it’s archived, et cetera, et cetera. So if we can get rid of the hoaxes then we can solve a lot of resource problems in our organization.

So keep in mind that if you get a message and it says that I have won money, don’t believe it. Believe nobody. It’s the internet. Hardly anything I’m getting in my inbox tends to be real and honest and true.

So I should naturally look at this with a little bit of skepticism. I should not immediately take it at face value. There are a lot of sites on the internet where you can cross reference this. So go to snopes.com, go to hoaxbusters.org, go to hoax-slayer.com and cross reference this.

If it’s worded and it looks like it could be legitimate then, of course, we should run it by some third parties and see if this is really the case. If you have spam filters, they may be able to look at this and immediately know, no, this is spam. I should throw it out. You’ll never see it show up in your inbox. There’s a lot of ways that you can filter this out so that it never appears in front of people’s eyeballs so that then they would want to do something with it.

And if it sounds too good to be true, that I simply get an email from the Swiss lottery saying that I’ve won $750,000 pounds, well, I probably have not. I haven’t registered in any lotteries. I don’t win the $750,000 pounds. And don’t you think they’d pick up the phone and call me? Why would they send me an email, especially knowing that most of our email is going to go right into our spam folder anyway.