Won't Get Fooled Again

What do the following have in common?

• Notice from the IRS saying you are eligible for a tax refund; just complete the online form to claim
  Web site offering a device for performing LASIK eye surgery at home
• Email warning about a virus that opens an Olympic Torch which "burns" the whole hard disc C of your computer
• Claim that Bill Gates, Microsoft and AOL are giving away cash and merchandise to those who forward an e-mail message
• Email alert about a young man killed (electrocuted) when he answered a cell phone that was charging

If you answered "hoax", "untrue" or "urban legend", give yourself a gold star for spotting these phony claims that may land in your InBox. According to the United States Computer Emergency Readiness Team (US-CERT), there are several clues to help you identify a hoax or urban legend.

Some messages are more suspicious than others, but be especially cautious if the message has any of the characteristics listed below. Note these are just guidelines; not every hoax or urban legend has these attributes, and some legitimate messages may have some of these characteristics:

• It suggests tragic consequences for not performing some action
• It promises money or gift certificates for performing some action
• It offers instructions or attachments claiming to protect you from a virus that is undetected by anti-virus software
• It claims it's not a hoax
• There are multiple spelling or grammatical errors, or the logic is contradictory
• There is a statement urging you to forward the message
• It has already been forwarded multiple times (evident from the trail of email headers in the body of the message)

What should you do if you receive something like this? Just delete them. If sounds too good to be true, it probably is (think Nigerian bank scam). If you're not sure and want to investigate, there are several sites that track the latest and greatest hoaxes and urban legends. Here's the list that US-CERT compiled:

• Urban Legends and Folklore - http://urbanlegends.about.com/
• Urban Legends Reference Pages - http://www.snopes.com/
• Hoaxbusters - http://hoaxbusters.ciac.org/
• TruthOrFiction.com - http://www.truthorfiction.com/
• Symantec Security Response Hoaxes - http://www.symantec.com/avcenter/hoax.html
• McAfee Security Virus Hoaxes - http://vil.mcafee.com/hoax.asp

Developing this healthy pessimism about unbelievable claims could save you possible aggravation or even the theft of personal or confidential information. It will also stop you from forwarding this spam to others who might not know to just delete it (because it came from someone they trust - You!).

"Identifying Hoaxes and Urban Legends" is just one of a long list of tip categories on the US-CERT web site. Check out all of them at http://www.us-cert.gov/cas/tips/. You can also sign up to have the tips emailed to you or subscribe to an RSS feed.