Korova Multimedia

Click the read the latest, greatest Hoax du Jour

Drop-dead Internet Alerts

'Net of The Living Dead

In the brief time that I've been writing the "Hoax du Jour" columns, I've seen examples of hoaxes and bona fide bulletins staggering around the Internet long after the original cause has expired. Once an e-mail alert is sent out, it's almost impossible to stop it.

Some of these "e-mail undead" mutate during rebirth. Result? An innocent, one-time alert can live on as a zombified "thought virus," traveling the Internet causing hysterical and misinformed action, regardless that such action is entirely futile.

Here are some well-known examples:

  • Aging alert: "809" phone scams
  • Aging alert: 90# phone scams
  • Aging alert: No Urban dictates

  • Chain letter: Craig Shergold cards
  • Chain letter: "Free stock" scams
  • Chain letter: Mill Cove 5th Grade project

  • Misfire: Avert a heart attack by coughing
  • Misfire: Blacks lose the right to vote in 2007
  • Misfire: FCC Internet Tax (various hoaxes)
  • Misfire: Gay Jesus film (hoax)
  • Misfire: Jessica Mydek (hoax)
  • Misfire: Save AOL/ICQ instant messaging (hoax)
  • Misfire: Save Sesame Street
  • Misfire: Save the USAF chimps (hoax)

  • Petition: FCC requested to ban religious programming
  • Petition: Plight of women in Afghanistan
  • Petition: Save PBS / NPR / NEA

  • Save a child: Amanda Bundy
  • Save a child: Andrew Russell Steinmetz
  • Save a child: Krystava Patients Schmidt

  • In all but a few of the cases above, there was a tiny grain of truth to the alerts, but that was all. In all cases, there is little or nothing that you can now do to further the causes.

    Recipe For A Better Internet Alert

    If you are in a position to generate Internet bulletins, you CAN do something. It doesn't take much more effort to write a more effective alert that lasts only as long as it is valid. I call such a bulletin a "drop-dead alert," because it is authentic ... and ephemeral. By design, it will only last as long as it's meant to.

    To be clear, a drop-dead Internet alert needs no exclamation points, no ALL CAPS, no request to send out more copies. The reader is given more than ample evidence of the authority of the writer (and his information), and further data is only a mouse-click away. A drop-dead Internet alert informs, and empowers, quietly.

    If you're writing Internet information bulletins, compare your work with the following checklist. If you received one, compare it to this checklist, and see how it measures up.

    An Annotated Alert

    Enough theory, okay? Lecture's over, class, now let's do a lab.

    Below I've written a sample e-mail alert to illustrate my points. As you read through it, reflect on the suggestions above, and tally up how much of my own advice I heed. (If you feel the need to peek, click the footnotes.)

      Korova Multimedia E-mail Alert                           11 September 19992
      http://www.korova.com/virus/3                                  nemo@korova.com4
      This e-mail alert is distributed by Korova Multimedia (www.korova.com)
      to alert the Internet community to a potential hazard. This alert is
      distributed to "opt-in" participants in the Korova Multimedia
      "e-v-mail" pages, an ongoing commentary on the phenomenon of
      misinformation on the Internet.5
      If you forward this alert to another address, please do so in its
      entirety. Please do not quote portions out of context, or edit any
      text between the dotted horizontal lines ("~-"). 
      ALERT #01-997 - "E-v-mail"
      SUMMARY:8 The Internet is being flooded with e-mail messages that
      contain misinformed warnings and uncorroborated facts. Some messages
      are hoaxes, apparently written to create needless confusion, paranoia
      and hysteria. 
      RISK:9 Anyone who receives e-mail at work or at home may may be exposed
      to unsolicited e-mail which contains misinfomation. 
      DESCRIPTION:10 The Internet has become a breeding ground for
      misinformation and hoaxes. Users who are inexperienced with e-mail
      (electronic mail), and e-mail "netiquette," are regularly encouraged
      to forward uncorroborated messages to others. These messages may
      contain factual errors; many appear to be intentional hoaxes. 
      The U.S. Department of Energy's CIRC office (formerly CIAC) asserts
      that online hoaxes and chain letters generally feature three basic
      features: The Hook, The Threat, and The Request. These components act
      to appeal to the reader, incite paranoia (or sympathy, or greed), and
      encourage the reader to forward the message indiscriminately. 
      Several commentators have suggested that a message that falsely warns
      of an e-mail virus, and asks the reader to forward the warning to
      everyone each reader knows, IS the e-mail virus. Korova Multimedia
      calls this e-mail phenomenon "e-v-mail." The success of e-v-mail
      depends upon a reputed "thought virus," an e-mail borne contagion. The
      message, when read, "infects" the reader and induces symptoms such as
      needless panic, and an involuntary urge to forward the message via
      e-mail. The user who succumbs to the thought virus "infects" others by
      forwarding the e-mail, thereby "spreading the disease." Many observers
      feel that e-v-mail has become an Internet "epidemic." 
      One of the first documented e-mail virus hoaxes was called "Good
      Times." Variants of "Good Times" continue to be distributed today.
      Other popular e-v-mail messages include various "free" giveaways,
      false electronic virus warnings, the "90#" and "809" phone scam
      alerts, health scares, missing children alerts, and petitions for
      various causes. Many of these examples fit the description of
      When you receive a message containing a warning, a possible hoax, or a
      chain letter, we suggest you read the message with reasonable
      skepticism. Messages from unknown or obscure sources (even a "friend
      of a friend") should be viewed with high suspicion. 
      Rather than forward the information promiscuously, we ask readers to
      confirm the information in a message before resending it, and discard
      without further action any e-mail which makes unsubstantiated claims.
      Forwarding a message without thinking contributes to the e-v-mail
      problem, and negatively impacts the Internet community as a whole.
      REQUESTED ACTION:11 This is an advisory. No further action is necessary.
      Sent:12    15 September 1999
      Expires:13 15 December 1999
      DECL:      OADR14
      This alert is for information only. E-mail inquiries to nemo@korova.com.15
      This document is available online at http://www.korova.com/virus/alerts.htm.16


    1. Horizontal lines are used to enclose the alert, and separate it from any siglines which other recipients might add when they forward the alert.
    2. Dated, so there's no confusion about when this was written.
    3. A easily accessed Web URL to find out who the originator is.
    4. I've also provided an e-mail address for individual inquiries. (This address is invalid, since junk e-mail to my domain has been a nasty problem lately.)
    5. I've clearly identified who sent this alert, why, and to whom it was written for.
    6. This is a cute trick I learned in the U.S. Coast Guard. If the alert is intended for a limited audience, clearly mark it; for example, "COMPANY CONFIDENTIAL." In this case, I've made clear that it can distributed to the Internet at large.
    7. This alert has been numbered for accurate reference. Someone can write in and ask about "Alert 01-99." If it is one of a series, a subscriber can inquire if one was missed, as the sequence would be out of order.
    8. A summary is a thoughtful convenience for anyone who has to skim large volumes of e-mail. This summary clearly encapsulates the topic of this alert. Also, I've kept the alert to a single topic.
    9. This section makes clear who is effected by this alert. Those who aren't effected can stop reading and click DELETE.
    10. Generally, I feel that one should write an alert in five hundred words or less. Any more detail can be provided on a referenced Web page. Note that I've broken the narrative down into six small paragraphs, allowing the reader to pause and absorb the material at his, or her, own pace.
    11. Requested action should be specific steps that readers must take. (Note that my last two narrative paragraphs were only suggestions.) If no action is needed, a standard boilerplate comment will suffice. If it isn't clear by now, we should never see "Please forward this to everyone..." in this field.
    12. To be particularly exact, I've even specified when this alert was distributed. You need not be quite so particular, but your organization may have a requirement to log when alerts are sent. Using this field may make subsequent inquiries simpler.
    13. This alert didn't need to expire, but many do. Since I've specified that this alert could go out the entire Internet community, I assert that it will expire in a short period of time. This will allow me to send out a later revision, and minimize the chance that my current alert will be forwarded indefinitely.
    14. If you understand this entry, then you shouldn't be surprised by many of the suggestions I've made on this page!
    15. This is an optional disclaimer, protecting the author from certain liability. Depending on your authority, you may wish to include a copyright notice, or a similar liability statement. As a courtesy, again, I've included an e-mail address. If multiple authors are responsible for your alerts, perhaps you should have the name and contact information for the author here (e.g., "Please contact SGT Tony Burgess of the Korova Police Department for inquiries about this alert.").
    16. There is nothing, I repeat nothing, you can do to stop someone from abridging or sabotaging your alert once it's been released. But ... you can post a copy on your own Web or FTP site, and refer to it in your alert. A link on your home page (see above, 3.) to an archive will ensure that visitors can find old, authentic copies of your alerts. If someone receives a questionable copy of your alert, it will take little or no time to compare the contents with the copy on your Web site.

    Other examples:

    See also:

    David Spalding

    18 September 1999

    Public links to this specific article: http://www.korova.com/virus/alerts.htm. Also: this page, print-friendly.

    This page was written for the public information or IT professional who is preparing a general interest warning for a wider audience. Several of my own suggestions are based on my background in Coast Guard Intelligence, drafting and reviewing tactical information reports for field commanders. I based some of my text upon Phil Agre's excellent article, Designing Effective Action Alerts For the Internet, which I highly recommend. Phil's guide is directed towards those who distribute political action alerts, but nevertheless has a lot to offer to anyone doing mass communications on the Internet.

    Many infosec colleagues have given me insight into these issues over the years. Immediate and long-term thanks go to Dave Brown, Tom Latta, Pat Nemeth, Rob  Rosenberger, George  Smith, Willie  Viarnes. Others whom I've excluded by omission of memory are hereby deemed included.

    Korova.com sales on Amazon help support this site's expenses.
    Go ahead, search for something, anything....

    Up to 40% off books, music and much much more.


    © Copyright 1999 D.B. Spalding/Korova Multimedia. All rights reserved.







    What's new?