Few years back, I got an email from my colleague warning me about a virus. I went through the distribution lists in that email and it seems this has been forwarded by multiple people requesting everyone to forward this as it has the information about a virus that seems to be dangerous in nature. My colleague had forwarded this with good intention, to educate or alert me and his friends. I went through different reputed antivirus websites to check the details of this virus and was not able to find any information related to this.
You would be thinking that you are too smart to identify those emails. I too agree that previously these mails, called as virus hoax emails were easy to identify because they were poorly worded and had grammatical and spelling errors. But now the reality is that internet scammers are getting much better in enticing readers by disguising their schemes as coming from legitimate sources. Hoaxes are nearly impossible to distinguish from scams and frauds and do not look harmful like a worm or virus, in fact, it can be used as a driver to commit fraud. If it is a virus, then it is well reported and is analyzed better due to its destructive nature, virus hoaxes are not been treated properly. Hoaxes look genuine in nature but will employ psychological tricks, stress the urgent nature of the threat and encourage you to forward the message to other people as soon as possible.
An interesting part of hoaxes is about the goal of the people behind it. Most of the people will think that it won’t create any impact, as I am simply forwarding those emails. The reality is that our email addresses are getting exposed which can be used by fraudsters and can launch other social engineering attacks. Also, if some email comes informing about a windows .exe file mentioning that as a virus, then if we don’t check whether it is legitimate or not and delete that important .exe file, it will result in other issues.
How does this affect my organization? I would rate virus hoaxes as more risky than a virus. If it is a virus, with the help of an antivirus I can quarantine it, but there is no way I can quarantine a virus hoax. We can use better email content filters to control to an extent; here the only practical way is to educate the user. I don’t think there is no better way than giving proper awareness to our employees. If you receive a warning about a computer virus or worm or any other malware, it is important not to forward it without first checking whether it is legitimate or not, as the action requested to the recipient can cause damage in some cases, even if there is no real virus. If you were able to identify it as a hoax, the best action should be to delete it or if you have doubts whether it is legitimate or not, without forwarding to multiple people, you can seek assistance from the IT security department. You can also do a google or bing search by entering the contents in search engine, and if it is a hoax then it would be discussed in different forums and thereby you can identify whether it is legitimate or not.
As an IT security team, we need to have a separate email box, where our employees could forward those emails and can seek assistance. We also can advise our employees to only trust the emails related to viruses from internal IT security department and can disregard or notify the email address discussed above. We can create an internal security portal where the IT security team will publish information about latest virus hoaxes so that when a user receives an email he can visit this portal to have an understanding about the email. Also, IT security team can send newsletters, presentation to users for educating or creating awareness.
Virus hoaxes are more than annoyances, as it may lead some users to ignore all virus warnings, leaving them vulnerable to a genuine destructive virus. So it is more important to give that awareness to your employees to distinguish between a virus hoax and a real warning and has to be driven by the IT security team.