Despite our increasing technological sophistication, we can't help falling for e-mail about Bigfoot, giant mutant cats, doomed tourists, and deadly butt spiders.

Alice LaPlante, Contributor

October 22, 2008

9 Min Read

This story was originally published on October 25, 2008.

Admit it. Even you, a savvy veteran e-mail user, have fallen for one or more of these Internet rumors. Or, even if you weren't quite sure of the veracity of a particular story or photograph, you e-mailed it to your friends to amuse/warn them, or to see what they thought.

Don't be embarrassed, you're not alone. Despite our increasing technological sophistication, we seem to be as susceptible as ever to people determined to make suckers of us. After all, Internet hoaxes play on our human, not technical, vulnerabilities.

"These hoaxes use social engineering to trick people into doing what they otherwise wouldn't do," said Patrick Runald, chief security advisor for F-Secure, an Internet security firm. Graham Cluley, a senior security analyst with Sophos, a London-based security vendor, agreed. "The most successful hoaxes have been the ones that people had a real compulsion to forward. These things can't travel unless humans participate. And, unlike anti-virus software, we haven't found a way to upgrade the human brain," said Cluley.

A lot of times these hoaxes are based on engendering fear -- such as the virus hoaxes that periodically sweep over the Internet (keep reading). "At other times, they play off people's curiosity or vanity, or even desire to help others. In any case, although some might originate in a sense of lighthearted fun, "many are far from being harmless pranks," said Runald. "They can take a real financial and emotional toll."

Jim Graham, founder of the Web site HoaxBusters.org, which tracks and debunks Internet hoaxes, agrees. "Hoaxes can cause panic, anxiety, and stress to individual recipients," he said. "In the business world, they can lead to lost productivity, take up valuable network bandwidth, and present a serious security issue." Moreover, he said, "to a spammer, the addresses found in forwarded e-mails are like finding gold."

And the line between hoaxes and fraud can be very thin. Often attackers will build on the momentum that an especially widespread hoax has already achieved, said Zulfikar Ramzan, technical director at Symantec, which tracks online attempts to defraud consumers. "What often happens is that someone perpetrates a hoax -- say invents a fake news story -- and attackers take that and piggyback malicious code on top of it," he said. For example, the virus hoax claiming that opening an email with "An E-Card for You" would crash the recipient's computer eventually picked up an actual virus, said Bill Austin, who runs the Web site VirusHoaxBusters.com. "In effect, the hoax becomes the mechanism for the fraud," he said.

How common are Internet hoaxes? David Emery, the Urban Legends guide for About.com, hears about "several hundred a week. I can't begin to cover them all," he said. "It's quite a phenomenon and speaks to the nature of the Internet, about the gullibility of people, who tend to think that because something has been written down, or because there's a photograph, that it must be true."

Just in time for Halloween, InformationWeek interviewed a battery of security experts, Internet folklorists, and hoax watchdog groups to get their take on the most successful Internet hoaxes to date. 7. Bigfoot Captured!
Last August a Bigfoot hunting group lit up the Internet with claims it had found the 500-lb. body of Sasquatch in the woods of northern Georgia.

The rush to view photos of the beast was so intense that the group's Web site went offline. Queries to SearchingForBigfoot.com were returned with an error message that said "Bandwidth Limit Exceeded."

Days later press conference to discuss the creature's DNA analysis revealed that results were "inconclusive." And the group disclosed that it was the victim of a hoax.

InformationWeek blogger Paul McDougall: "Word of the purported discovery resounded across the Web last week, with everyone from the New York Times to obscure bloggers weighing in. But rather than prove the existence of Bigfoot, it appears that what Schmalzbach and company really demonstrated was that, in the Internet era, there's sucker born every nanosecond."

6. Snowball, the Giant Mutant Cat of Ontario

This photo of a man holding a giant (supposedly 87 pounds) cat first appeared on the Internet in April 2000. An e-mail that wove a story around the photo began circulating a year later. The cat's purported owner, a Roger Degagne, supposedly found Snowball as a kitten near a nuclear power plant in Chalk River, Ontario, Canada -- the implication being that toxic waste had caused its grotesque size. This is one of David Emery's personal favorites, and falls into the general category of weird animal hoaxes, which are generally accompanied by doctored photographs.

Another one that made the rounds in 2001-2002 depicted a great white shark attacking a man in a helicopter. Still another, said Emery, was the 1999 hoax about so-called "butt spiders," which supposedly lurked under toilet seats and bit unsuspecting public restroom patrons in, er, private places. The fake news stories that circulated on the Internet about these spiders were held up as "proof" that people were mysteriously dying of spider bites after visiting bathrooms at certain hotels and restaurants in Chicago and Florida.

5. The Last Tourist

Within a month of Sept. 11, a photograph began circulating the Internet that supposedly showed a tourist on top of the World Trade Center right before one of the terrorist-piloted planes hit.

Soon debunked for a number of reasons -- among other things the tourist would have been standing on the north tower, given the view of Manhattan behind him, but the north tower didn't have an observation deck -- other versions began appearing. The tourist guy started showing up in other disaster photos and other images began appearing in his place in the photograph -- most notably, Snowball the Mutant Cat.

4. Good Times Virus

This is just one example of a whole category of hoaxes, known as "virus hoaxes," which warn about the dangers of a particular piece of malware with the potential to wreak irreparable damage on users' computers. This particular virus was supposed to be attached to an e-mail message with the subject heading "Good Times," that if opened, would rewrite the recipient's hard drive and result in other disastrous scenarios, many of which were technically unfeasible.

Rob Rosenberger, a computer security consultant and founder of Vmyths.com, which identifies virus hoaxes, was working at CompuServe in November 1994 when this hoax first emerged. The former e-mail giant had to divert processing duties of two of its 43 mainframes to handle the "staggering workload" the hoax created. "People want to help others -- it's a powerful motivator," said Rosenberger. "So they get these warnings of a really bad virus that's coming around, and pass it on. Such things take on a life of their own."

Another notable virus hoax was Irina, which was actually a publicity stunt by a British publishing house that was trying to generate buzz for an interactive book on computer viruses. Instead, it created an international furor -- and warnings about Irina are still circulating today. The investigative Web site Snopes.com called this act "completely irresponsible." 3. Bill Gates' Millions Giveaway

This hoax, which appeared in early 2001, claimed that Bill Gates of Microsoft was conducting a beta test of new software and would send money to all those who forwarded the message to others.

"Even after almost eight years of continued circulation, many people still get fooled by this old hoax and send on the message," said Brett M. Christensen, who runs the Web site Hoax-slayer.com. This hoax has spawned a number of variants, and has traveled all over the world. One especially persistent version, for example, was that Microsoft and AOL were teaming up to make sure that Internet Explorer remained the dominant Web browser on the market.

"Every week, I receive at least a few e-mails asking if the information in the message is true," said Christensen. Although this particular hoax is not difficult to debunk and is not dangerous -- little more than common sense is all that is required, said Christensen -- "it certainly is one of the most widespread of all Internet hoaxes, probably because of the promise of free money."

2. Petition to Ban Religious Broadcasting

"This is one of the most sustained rumors on the Internet, and is based on the absurd premise that atheists are attempting to get all religious programming off the air," said Rich Buehler, who runs the Web site TruthorFiction.com.

This, like so many chain-letter hoaxes, has mutated over the years. It started out in 1996 claiming that the atheist Madalyn Murray O'Hair, who brought the lawsuit that led to the Supreme Court decision to ban prayer from public schools, was petitioning the FCC to ban all religious programming. It then spawned other chain letters asserting that atheists were attempting to forbid Christmas music in public places and remove references to God from popular television shows like Touched by an Angel.

"The most recent reincarnation is that the prominent evangelist Dr. James Dobson is appealing to people to write to the FCC to prevent atheists from banning all religious references in broadcasting -- both radio and television," said Buehler. "It's the perfect rumor in a way, because it has a threat, a villain, and enough specifics to sound credible."

1. Save Amanda Bundy

This chain letter has been in circulation since as early as 1997, and falls into a general category of "sympathy" hoaxes. There are a large number of variations of this letter in circulation, and many of them reference a sentimental poem "Slow Dance," supposedly written by this young girl who is dying of cancer:

Life is not a race.
Do take it slower.
Hear the music
Before the song is over.

Most versions of this e-mail call upon readers to forward the message to everyone they know, claiming that the American Cancer Society is a corporate sponsor. (Indeed, there are so many hoaxes that invoke the name of the American Cancer Society that the organization has created a Web page to discredit Internet rumors. Other names used in similar e-mails include Jessica Mydek, Rachel Arlington, and Craig Shergold.

The purported reasons to forward the e-mail vary. Mostly they claim that the cancer patient's dying wish is to tell as many people as possible that they should live life to the fullest, as he or she will never have the opportunity to graduate from high school, get married, have children, and so forth. Sometimes they say (falsely) that the American Cancer Society will donate money for every forwarded e-mail to try and save the person's life. In any case, "most of these stories of dying children are patently made up," said Symantec's Ramzan.

About the Author(s)

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights