You are traveling through another dimension--a dimension of bits and bytes and information. It is a journey into a wondrous land whose boundaries are that of imagination and there is a signpost up ahead. Your next stop: the Internet Zone. Within the vast, bright realm of cyberspace, however, lurk various tricksters and scam artists ranging from amusing to annoying or downright dangerous.

These miscreants have turned their not inconsiderable talents to creating stories that convince the unwary to spread the seeds of their imaginations around the world. Submitted for your consideration are some of the stories that have become Internet legends and urban myths. All of them are hoaxes, but they cling to their odd half-lives through a combination of cunning, persistence and their ability to draw new believers to their cause.

If an informed electorate is the foundation of democracy, then informed users should be the foundation of the Internet. In this issue, we will dissect a few of these hoaxes with a view to helping prevent their spread in the future. The more people who understand how chain spam really works, that there aren't really people in Nigeria who want you to launder money for them and that apparently friendly warnings usually start out as misanthropic attempts to stir up a cloud of e-mail activity, the better off we will be.

Forward Me!

What prompted this particular topic was an e-mail mass mailed by someone at one of our field offices. It went something like the message in Figure 1. Some of you may recognize this one. Zippy received it from a well-meaning person and forwarded it to another few hundred people, some of whom managed to forward it to others in the 10 minutes it took me to send a notice telling people to ignore the message because it was a hoax.

Figure 1.

Urgent! Urgent! All Cell Phone Users!

From: Zippy
Sent: December 01, 2004 10:08
To: All of my friends
Subject: FW: IMPORTANT!

Starting Jan. 1, 2005, all cell phone numbers will be made public to
telemarketing firms. So this means as of Jan. 1, your cell phone may
start ringing off the hook with telemarketers, but unlike your home
phone, most of you pay for your incoming calls. These telemarketers
will eat up your free minutes and end up costing you money in the long
run.

According to the National Do Not Call List, you have until Dec. 15,
2004, to get on the national "Do not call list" for cell phones.
Registering only takes a minute. Make sure you register now!

How do we know it is a hoax? On the surface, there is a grain of truth in the story. Yes, there is a National Do Not Call Registry where people can register their phone number to avoid telemarketing calls. Yes, there is an industry group trying to establish a 411 directory of cell phone numbers. Add in that many people do not trust telemarketers or telecommunications companies to protect their privacy and you have rich fertilizer to sprout a bumper crop of panicky e-mails.

However, it is just fertilizer because the main assertions are simply not true. First, there is no deadline for registering on the Do Not Call Registry. Second, current Federal Communications Commission (FCC) regulations prohibit telemarketers from calling cell phones. Finally, the industry-sponsored wireless 411 directory, as currently proposed, will only include the cell phone numbers of people who voluntarily add their numbers to the listing.

The industry group is also fighting pending legislation that would regulate cell phone directories and make it virtually impossible to create or distribute any list without voluntary participation by cell phone users. Apparently, there is enough valid information in the message to convince many otherwise rational people that this is a real problem, and they should forward the warning on to all their friends and relations as a public service. Unfortunately, all that does is encourage hackers who rely on social engineering to create even more entertaining e-mail fiction.

Other popular e-mail subjects over the past few years have been:

[check] You can get free cash (or beer) by forwarding an e-mail message

[check] The U.S. Postal Service is going to start collecting a 5-cent fee for every e-mail message sent

[check] Business travelers are waking up in their hotel rooms in ice-filled bathtubs minus a kidney

[check] Gas pump handles trapped with hypodermic needles are ready to prick you when you grab the handle (similar to ATM deposit envelopes laced with cyanide)

[check] Nike will give you new shoes if you turn in your old ones

[check] Money will be donated to charity (injured child, abandoned puppies, political campaign, etc.) for forwarding an e-mail

[check] Pending legislation will require all gun owners to list their guns on their income tax returns

[check] Your free e-mail service will cancel your account if you do not for-ward this e-mail

Frankly, I do not care about the subject of a chain-forwarded e-mail; I delete virtually all of them. I will admit to passing on the one about the soldier in the shack on Christmas Eve, and every once in a while I see something particularly humorous that I just have to share with a few friends. Even some that appear to be good spam are self-serving attempts to generate e-mail traffic. And given the proven ability of e-mail to carry malicious viruses, I am not inclined to be forever known among my friends as "Typhoid Dale" because I sent a virus to everyone in my address book.

Out of Africa

Another persistent e-mail scam that I still see in my inbox, despite a pretty good Bayesian filter, is known as the Nigerian Scam. These types of scams are known as advance fee fraud scams or 4-1-9 fraud. 419 is the number of the section of the Nigerian penal code that addresses fraud schemes.

This scam starts when you receive an e-mail plea from an allegedly wealthy foreigner, who needs your help to move millions of dollars from his homeland to the United States and will reward you with a hefty percentage of the money. Or you have won a foreign lottery you did not know you entered. Or some wealthy repentant sinner wants to leave your church millions of dollars in his will. All you have to do is send several thousand dollars in processing fees to release the money so they can send it to you.

Now you would think that upon reading this particular pitch the frontal lobes of the average cerebellum would be screaming, "WARNING, WARNING! Danger Will Robinson! SCAM, SCAM!" It is so obviously a scam that three blind hedgehogs living inside a padlocked canvas mail sack should be able to see it coming.

However, a 2002 U.S. Secret Service report (http://www.secretser-vice.gov/alert419.shtml) estimates that advance fee schemes still con people out of hundreds of millions of dollars every year. Advance fee scams are not new. They have been around since the Spanish Prisoner letter scam in the 1920s. But for some reason, people really want to believe in free money and, once hooked, will not let go of the illusion until they run out of money. The stories of people duped by these schemes are legion. You can find clues that you may be dealing with a hoax at the Department of Energy's Computer Incident Advisory Capability (CIAC) on its HoaxBusters site at http://HoaxBusters.ciac.org/.

Phishing Phollies

Speaking of fish, no discussion of online scamming would be complete without a description of phishing. This occurs when scammers "fish" for information by posing as banks, credit card companies or online businesses and try to obtain account details and pin numbers.

Most phishing today is done via e-mail. You get an official-looking e-mail from companies like Visa, Amazon.com, eBay, Smith Barney, etc., that asks you to click on an embedded link to their Web site and confirm your account data. While these links may appear genuine, the underlying URL (Uniform Resource Locator) in the page code takes you to the scammer's site, which is designed to look exactly like the genuine article. Once you enter your account information into the login form, you get a reassuring message that everything is just fine with your account and the scammer gets your account details.

As with advance fee scams, phishing is not new, it is based on old telephone scams where someone called up claiming to be from the bank or credit card company and asked people to verify their card number, expiration date, billing address, Social Security Number, etc.