While April Fools' Day jokers spoof for fun, scammers want to hijack your PC: Internet ScamBusters #329
All Fools' Day, or April Fools' Day, as we know it, is a time for practical jokes. And even though we're aware of this, most of us still fall for the pranks and hoaxes that others delight in playing.
It's all supposed to be good fun, but for scammers it's also an opportunity to bombard us with spam and to try to trick us into downloading malware, as this week's issue shows.
On to today's main topic...
Have Fun But Beware: The Sinister Threat Behind April Fools' Day
Traditionally the time of year for practical jokes, pranks and hoaxes that we all either perpetrate or tolerate, April Fools' Day has taken on a more sinister aspect in recent years with the advent of Internet-based scams that represent evil rather than fun.
All Fools' Day -- April 1st in most (but not all) countries -- has been around for centuries. No one knows where or when it started. Some say it goes back to the biblical time of Noah, when he sent a raven out too early to search for dry land.
More likely is a changeover in calendars and dates in France during the 16th century, when people who refused to accept the new order were referred to as Fools.
And ever since, we have marveled at the ingenuity of hoaxers who have invented stories relating to subjects as diverse as spaghetti harvests in Switzerland to the notion that part of Manhattan Island was sinking and needed to be sawed in half.
The Internet era has enabled many April Fools' hoaxes to circulate year after year, catching out a new crop of victims each time -- like warnings about the use of dihydrogen monoxide (which, of course, is the chemical name for water!) or whether Neiman Marcus actually charged a customer $250 for their cookie recipe.
See this Scambusters article: ScamBusters' Top 10 List of History's Greatest Internet Hoaxes for more about the Neiman Marcus Cookie Recipe and other famous hoaxes.
Some well-known Internet operators have achieved their own notoriety for dreaming up clever April Fools' hoaxes.
Google, for instance, comes up with a new one each year. A couple of years back, the Internet search giant claimed it was linking up with the airline Virgin, forming a company called Virgle to launch a manned colony on Mars!
The Internet security company Sophos once claimed it had found a way to block out hackers by using webcams on their PCs to recognize them!
It's all good fun. Or at least it should be.
But, unfortunately, that's not always the way things turn out.
April Fools' Day each year marks a sizeable surge in spam emails. The reason is simple -- using special dates and holidays in the subject line of an email often sidesteps the spam filters most of us have installed on our PCs.
The spammers know they have a better chance of getting their messages across on this date and that, if they have "April Fool" in the subject line, you're more likely to open and read it.
For more information on this and other latest aspects of spamming, see last week's spam update issue: Spam Update: How You May Unknowingly Be Contributing to the Spam Problem.
That's bad enough but on April Fools' Day 2008, this spamming nuisance was turned into a real threat, expected to reappear in 2009 and subsequent years -- a link to poisoned websites from which a virus attack is launched.
Usually, the message has one of the following subject lines (though, beware: they will change from year to year):
I am a Fool for your Love
Join the Laugh-A-Lot!
Surprise! The joke's on you.
Today You Can Officially Act Foolish
Wise Men Have Learned More from Fools
All Fools' Day
April Fools' Day
Doh! All's Fool.
Doh! April's Fool.
Gotcha! All Fool!
Gotcha! April Fool!
Happy All Fool's Day.
Happy All Fools Day!
Happy All Fools!
Happy April Fool's Day.
Happy April Fools Day!
Happy April Fools!
Sometimes, the message has a picture inside, with a link to a site you're supposed to visit to see a message which, needless to say, you have to download. Other times, the supposed "joke" is actually attached to the email.
Either way, if you click to download or open this "joke," it will install a Trojan horse virus that will give the scammer access to your PC.
Although less malicious in intent, some other April Fools' hoaxes can be costly in terms of time and money spent in responding to them. The dihydrogen monoxide story mentioned above is a case in point, when council representatives in one California city spent hours debating the use of this "mystery" chemical in styrofoam cups!
An additional problem is that stories that are quite patently revealed to be spoofs because they contain that April 1 date subsequently have their dates removed as they circulate on the Internet, making them seem more credible.
There is, however, a positive side to the scamming aspect of April Fools' Day. Law enforcement and other "watchdog" organizations use it as a platform to alert people to the risks of being conned.
A notable example, which we've reported on before, is Australia's Securities and Investment Commission (ASIC) which runs a spoof each year to hook gullible investors and then to tell them they've been scammed.
In a recent exercise launched on April 1, ASIC sought investors for a product called an Electro-Harvester that was supposed to recycle "ambient electromagnetic radiation back into usable household energy," promising to cut ordinary Australians' power bills by 37%.
Thousands clicked the link to invest, only to read a warning that they could have been scammed. The site has since been taken down.
So, while no one wants to stop people from having fun through harmless pranks on April Fools' Day, it's as well to be on your guard. Here are three tips to keep you on the alert:
- Set up some kind of reminder for yourself that "today is April Fools' Day" -- write yourself a sticky note or mark it on your calendar.
- Be doubly skeptical of everything you hear about on the day. Start by asking: Is this an April Fools' prank?
- Use the same wariness you always apply to clicking links or attachments. Don't be fooled by an "April Fool" subject line.
One caveat, though. Sometimes unusual or notable things do actually happen on April 1. For instance, Google's Gmail service was launched on that day. And it was the day singer Marvin Gaye was assassinated.
So just because it's April Fools' Day, don't swing the other way and think everything you hear is a spoof. Just weigh it up carefully and, if it is significant to you personally, check it out independently.
Without wanting to spoil the fun, we also have a couple of warnings to pass on to April Fools' pranksters:
- Be aware that people with serious health conditions can be unintentionally threatened by tricks that might either put them under stress or cause them to behave in a risky way.
- Beware of crossing over the line between what's legally acceptable and what's not. In another investment spoof, jokers paid and used an outside organization to distribute press releases about their phony site. The distributor subsequently sued the pranksters for damaging their reputation.
So whether you're a prankster or just on the receiving end of an April Fools' joke, our message to you is: Have Fun. But don't be a Fool!
Time to close -- we're off to take a walk. See you next week.