Scott Hanselman

Web Common Sense isn't too Common

October 21, '07 Comments [26] Posted in Musings
Sponsored By

Ah, my poor family. The Web is too complex. I don't mean from a navigational sense, I mean from a navigating your way around it sense.

My mom sent me some emails today asking about scams. Here's one:

"I apologize for continuing to send this stuff, but I do not know what is real and what is junk…is this real?

REMINDER....all cell phone numbers are being released to telemarketing companies tomorrow and you will start to receive sale calls."

Visiting the FTC's website and confirming the SSL Certificate shows that this rumor about Cell Phones in the US and Telemarketers is not true.

But should my Mom have to worry about this kind of thing? Perhaps this is just life in a complex world?

My worry is, what if she asks me for her advice on one of these things and one day I'm wrong? I tell her to suspect everything. I also say that if someone called you at home and said the same thing they're saying in the email, would you believe them? Some how things in text seem more credible than things said out loud.

I know you're the IT Department for your family, Dear Reader. This is our charge and ours to bear happily, but are you also the Web Bullsh*t detector?

How do you protect your friends and family from these things? How do you teach Web Savvy?

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb
Sunday, 21 October 2007 05:43:12 UTC
My mother-in-law had a really bad habit of sending every one of those things my way, to which I would reply with the results of a Google search using the relevant terms from the message and site:snopes.com. So now she no longer sends them to me, but she will still send them to my wife or pass on the "info" over the phone. Guess I could have been less brusque in my replies, but it's a pet peeve of mine.

Chain letters existed before email, and they actually cost money to send. I suppose it's human nature to want to act on something that seems official, something purporting of impending doom or easy money. What blows my mind is when the stupidity of some of these urban legends leaks into corporate or government policy. Many self-server US gas stations now have signs warning you not to use your cell phone because it's an explosion risk, even though it really isn't. Having a personal taste for nonconformity, I make it a point to call someone on my phone whenever I'm filling up and I see one of those signs. One of these days some overzealous law enforcement officer is going to haul me to jail for endangering the public, I'm sure.
Sunday, 21 October 2007 06:23:26 UTC
Funny that you should mention this. My buddy runs a non-profit "welcome wagon" in Saskatoon, Saskatchewan for foreign immigrants (of course, being in the middle of the land mass tends to reduce their number).

One of the his "new recruits" came into the office needing a hand sending a fax (which they do of course), but after futzing with the number, my buddy stopped and said, "Hey, this numbers too long... where is this thing going? Spain? uh what!?!"

So he opens the letter in the guy's other hand and pulls the fax off of the tray. It is of course a scam, with all of the usual trimmings. Which makes me pretty thankful for having these type of welcome wagons.

Of course, when it comes to the e-mail crud, I have a family of skeptics, so they're usually on the ball. But I have doled out the rule that if you can't really read it, and it doesn't read like english, then you should just delete it.
Sunday, 21 October 2007 07:06:00 UTC
Interesting thing is that I think this particular email chain made a come back this week, and it did so quite quickly. 3 days ago I received a very similar email from my wife, while I was at work, asking me to check the validity of the email (she now knows better than to push the forward button).

About 5 mins after I found some info on this chain on the FTC site as well as on Snopes.com, I received a big, fat forward email from the exec admin to the VP at my client, with the same email thread. Of course I made the due diligence of informing her (not a reply all, since I don't want her to feel humiliated). She also happened to get replies from about 5 or 6 other folks pointing her to the same FTC urls.

Needless to say, she wrote back to everyone she'd spammed, apologizing and notifying everyone about the scam/hoax.
Sunday, 21 October 2007 07:29:41 UTC
I find it's not enough just to give your view on whether something is a hoax or a scam. You need to explain how you worked it out. 99% of these things are not difficult to detect without referring to any external source of authority. We need to teach our parents and grandparents (and our children) how to do this. Common tests are:

1. Does it ask you to forward the mail to all your contacts?
2. Does it threaten you with bad luck in your life if you don't pass it on?
3. Does it make any sort of threat if you do not take the action asked for? Is there something in the mail which looks as though it is designed to frighten you just a bit (e.g. your cellphone number being released to a telemarketer)?
4. Does it refer to another source for what it's telling you without giving you the information to go and check for yourself?

We need to be tolerant with people who are naturally trusting and don't expect a constant bombardment of emails like this. That they are asking us before responding is a great first step.
Julian Gall
Sunday, 21 October 2007 09:45:49 UTC
I installed http://www.spamfighter.com/ on my wifes computer and it completely solved the problem. It just works!
Peter BB
Sunday, 21 October 2007 14:10:30 UTC
Cut out more of the noise for them. If you can get Symantec's BrightMail, it works like a charm!
Evan
Sunday, 21 October 2007 14:37:12 UTC
Snopes.com, every time.
Peter
Sunday, 21 October 2007 15:19:48 UTC
My wife forwarded a phishing e-mail from what was supposedly our credit card company. When I received it at work, I immediately called her to make sure she didn't click anything. I think gmail had fixed the link, though, so it actually went to the bank's site and not the phishing site.

I go to snopes.com for just about every e-mail I receive. I don't usually reply to family about the validity of an e-mail, though. I usually just say something like, "I wouldn't rely on being able to unlock your car door over the phone. I'm pretty sure it won't work."

`Andy
Sunday, 21 October 2007 16:32:37 UTC
See, I refuse to go to snopes.com because not only do they use aggresive Pop-Unders, but also some kind of ActiveX control that IE7 feels strongly enough about to block. I don't trust that site.
Sunday, 21 October 2007 17:16:47 UTC
I can relate to every single comment made here. My favorite fantasy solution is simply destroying the computers of those people who abuse their forward-to-all-the-people-in-my-address-book feature of whatever email client they are using. I've tried every solution related above and more and I still get this craziness. From certain relatives, any subject line that reads "FW: *" just gets an automatic delete without even considering it further. I know, I know, it's the shirking the burden of being the family IT guy, but let's face it, the family does not pay well.
Sunday, 21 October 2007 18:28:06 UTC
I run into the situation that Cam reports with some of my friends. I do all of the things suggested here, such as point to a description of the scam or hoax, describe what makes it suspicious, and how I checked, etc.

Just today my wife forwarded me an e-mail on "Costco pharmacy." All of the usual alarms went off, even though I have recently received a postal mail from my prescription drug plan explaining how to take advantage of the Wal-mart reduced price prescriptions and what is covered and what is not. So, even though there are some price reductions to be found, I was wary of the forwarded material, especially because it was supposed to be someone working in a US Government agency, is not dated, doesn't link to sources, etc,. etc.

Sure enough, a quick web search on '"Costco pharmacy" hoax' produced a hit about the very e-mail message.

My wife knows to check with me about stuff. The funny part is that people who've received my replies about hoaxes simply stop including me in their rebroadcasts, but they keep sending them to my wife (who checks with me, etc.). One time I asked this particular sender why, after learning how many of these things are hoaxes, she continued to send them out. Her response was that she knew she could count on me to fact check them. My only problem was why didn't she have me fact check them before she broadcast them to all of her friends? (I generally only respond to the sender and not their full list of addressees. But apparently that still produces embarassment without change in behavior beyond avoiding me.)

I made a little video about this. Let's see ... ah, there it is:
http://www.kyte.tv/ch/7041-orcmids-flying-kyte/27912-hooptedoodle-1
I get to this part of the situation in the last 7-8 minutes.
Monday, 22 October 2007 08:47:59 UTC
The advice I give to my non-computery-friends is:

1. Trash EVERYTHING coming from people you don't know
2. Trash every mail coming in a foreign language from people you know (being Italian helps avoiding English spam)
3. Trash every mail that talks about global events (such as the one in Scott's post). It's 100% bullshit, and if it's not bullshit, you can't do anything about it (there is NO "Act now to avoid this theft!"). Your friends should just write you about topics that you BOTH know.
4. Don't open random funny attachments from people you know. Forget the fact that you have an updated Antivirus, forget that your friend always sends funny stuff to you. Just don't open anything funny, you can live well without a 3 seconds clip or flash game. Period. (besides, everything funny can now be seen on Youtube)

On the other hand... it is always funny to reply to Nigerian Scam, telling them you're going to send them your money and then talking about some demi-human god... but this is something I won't suggest to my friends ;-)
Monday, 22 October 2007 12:38:02 UTC
My soon to be mother-in-law sends me emails about virus alerts all the time. The emails always describe some virus and how it spreads and say it is one of or the worst virus ever seen. Her mother-in-law sends them to her so she'll be safe from them, and they get delivered to me asking if I've heard of them. I've tried to explain that no virus alerts would ever come through email like that, and the content of the emails is not even close to being technically accurate most of the time.

It is slightly ironic that people try to prevent one type of web-based annoyance by spreading another one.
Monday, 22 October 2007 12:51:00 UTC
It is very hard for even those of use who are part of the new computer generation(s) and write software. Imagine what it is like for those of the past generations who are trying to just keep in touch with their family members. I have to keep reminding myself this fact when my mother or father call me or forward some new scam or virus alert that tells them to go to this site to confirm it.

For me it is nothing but a few keystrokes to look this information up, but to them it is all just a foreign language. I have set up various filters on their computers and tried to educate them on the newest issues, but as I said, it is just a foreign language to them.

My father keeps asking me why the filters never work on his system and I have to try and explain to him that it is working, these people sending them just find new ways around the filters. I hope that one day I can get him believe me on that. Oh well, just keep telling yourself that this is your good deed for the day, or in my case for the next 5 minutes, until they send another one LOL.
Monday, 22 October 2007 13:45:06 UTC
My simple solution is I tell my mom NEVER believe ANYTHING you read on the internet. With that answer, I'm guaranteed to be right 99.9% of the time with her.
Monday, 22 October 2007 14:29:05 UTC
Scott, snopes.com has been around forever, and they're pretty harmless. They've certainly gotten way more aggressive over the past few years with the ads. I've been visiting that site for years (since 98, at least), and have never come across anything malicious.
Monday, 22 October 2007 15:12:30 UTC
It only took a couple recommendations to my grandpa for him to get it all figured out. When he gets a free viagra email, although it is intriguing (lol), he knows to delete it and not waste his time. He knows when the sender is someone he does not recognize, to ignore all of the attachments. And he knows that he cannot win a billion dollars simply by "CLICKING HERE".

It quickly becomes common sense, but it doesn't start that way.

Another grandmother of mine always clicks the "you have won! click here" advertisements. Actually, she double-clicks them. No matter how many times I tell her that she did not win and it's dangerous to visit those sites, she still thinks she has a chance of raking in some free dough. Some people are more stubborn than others, and it will likely take a tragedy for them to understand.

It all depends on who is reading the screen. My basic point ist hat I don't feel that "web savvy" is a teachable trait. It is best acquired through experience.
Monday, 22 October 2007 15:13:19 UTC
Scott - It is so funny reading this. My mom sent me the same email, as a reminder to signup, about a month ago. I quickly introduced her to snopes.com. It is so hard to teach family and friends that might not be as internet savvy as the rest of us, what is harmful and what is not.

On a funny note, I used to have a roommate, my best friend, that whenever he used my computer it was almost a certainty that he would give it a virus and I would have to reformat and rebuild. Needless to say, he is not allowed to touch my machines anymore.
Monday, 22 October 2007 16:43:09 UTC
Apart from Snopes (which, IMHO, dispite the pop-ups is better than nothing), I also recommend BreakTheChain.org.
For your Hebrew readers I would strongly recommend this.
But, of course, nothing beats common sense ...

It's always a pleasure reading you :-)
Monday, 22 October 2007 16:58:06 UTC
Sigh,

My dad used to come over to my house with a list of web sites he wanted to visit or worse, I'd get a phone call from him saying "Are you at your computer?".

I got tired of it and being a good son I built Dad a basic computer good enough for the web and Office stuff.

Now when the phone rings I hear "There's something wrong with my computer..."

Sigh...

I've had to rebuild it several times now as the spyware/rootkit infestation was so bad there was nothing I could do. RootKit Revealer from Russinovich wouldn't even launch</i> let alone remove anything. The last time he was running AVG Anti-Virus and Anti-Spyware as well as Windows Defender and he updated them all the time. (Filini above is right not to trust the AV program to save you)

It's been a long road but he's getting pretty savy now. He just recently finished ripping his entire vinyl album collection to mp3. Every track is a separte file too and not just one big one for each side of the album. He's backed them all up on CDs too.

Oh, and I'm getting smarter too. Last time I rebuilt it I created an image with Acronis True Image and trained Dad to save all of his files on a separate partition. I remapped his My Documents folder there as well to help with the retraining. :-)

PS. That Live Comment Preview is da bomb!
Monday, 22 October 2007 17:01:24 UTC
Well. There's a bug. If you don't leave a space between the text and the closing HTML tag, something goes pear-shaped.
Monday, 22 October 2007 20:28:16 UTC
And also if you don't close the < i >-tag </i>every post underneath would also be italic.
Espen AJ
Monday, 22 October 2007 21:26:27 UTC
Incidentally, it is time to re-register for the National Do-Not-Call registry:

http://lifehacker.com/software/notag/-313009.php
Monday, 22 October 2007 22:20:39 UTC
Check the link. People that fall for email scams fall for other stuff as well - in my experience with my family anyway.
Monday, 22 October 2007 22:24:37 UTC
I used to be like everyone here - the IT dept for my family and a hostage to my relatives and their inability not to click on everything that shines like a new dime.

I have a solution for all your wifes and in-laws. Get them (or recommend to them) a mac. They are as cheap as PCs these days and result in a lot fewer problems.

If they are looking for a desktop, get them a Mac Mini - it's plenty fast, small, quiet and only $600 or so.
If they are looking for a laptop, get them the cheapest MacBook.

Now, regardless of how hard my relatives try, they can't get a spyware infestation.
Tuesday, 23 October 2007 17:43:26 UTC
Instead of snopes you can use urbanlegends.about.com.

Also, I try to be as nice as possible about it. The person will already feel bad.
Matthew
Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.