Security

Top 10 sites to debunk urban legends


Has this ever happened to you?  You're busy working on an intense project when someone in the company excitedly forwards you one of those stupid urban legend chain mail spams asking if it is true.  Or worse, they simply forward it to everyone in the company without checking with you first.

It doesn't matter that you have a written IT policy on the company intranet explaining what a useless activity this is.  Nor does it matter that you have tried to explain to this individual several times that junk like this is really annoying to everybody who receives it.  They just don't seem to get it.

It's bad enough that we get spam from outside the company.  Do we have to endure it from our own employees also?  As the IT Manager I have to take a few minutes to debunk the latest urban legend that got the naive employee so excited.  What's worse, I have to be extra nice because it is an executive who forwarded the e-mail.

Of course the basic skill in responding to these interruptions is Google and keywords.  I am still amazed after all these years how many people don't know how to Google properly.  Maybe it's just the people in the company I work for are that are sadly Google-challenged.  Hopefully you have this better managed in your company.

I've often wished for a list of sites to which I could refer the offending co-worker so I decided to compile a short list of what I consider to be the top ten.  Actually, you really only need the top three but I've found the others to be useful on occasion.  Sometimes these sites can be entertaining reading but who has time for that?

1. Snopes- Who hasn't heard of Snopes?  This is the grand-daddy of all fact-checking sites.  Some of the worst chain spams even quote Snopes with an embedded link to give their e-mail an added level of authenticity.  Of course, Snopes has been known to be wrong and has changed their listings on several occasions.  They've also become very commercialized and include lots of pop-ups over the years - very annoying - but it is a very complete site.

2. About Urban Legends- This about.com subsite has been hosted for ten years by David Emery and frankly, he has done a great job.  He is passionate about finding and debunking all those rumors, myths, pranks and odd stories.  I have found lately that I am referring more people to his site than Snopes because I like the format better.  The site also shows up in more Google searches than the others indicating that the content is well linked and used.

3. Break The Chain- In 1999, John Ratliff was annoyed that he kept receiving the same chain spams forwarded to him over and over.  I have been just as annoyed for just as long but he did something about it.  Like most of these sites, John has plenty of healthy advertisements but no pop-ups.  His site is getting more professional looking all the time.  He is also frequently cited by the media when looking for an authoritative source on these stupid chain mails.

4. Hoaxbusters- The site has been around a long time (since 1995) and has a good archive but doesn't seem to be as current as it once was.  It is a part of the US Department of Energy - Computer Incident Advisory Capacity (CAIC).  Chances are that if you cannot find details of a hoax on one of the other sites, you may be able to find it here.  Because it has been around so long there are some dead links.  Hoaxbusters also contains a page of links to other hoax sites.

5. Sophos - This anti-virus company keeps a small list of hoaxes and urban legends but it is not nearly as complete as the sites at the top of this list.  Their focus is more on virus hoaxes -you know, the ones that scream that you will wipe your hard drive and melt the motherboard if you open the suspect e-mail.

6. F-Secure - They claim that their list is comprehensive and the industry standard source for all things hoax related.  Don't believe it.  If you click on their list of latest hoaxes you'll see that it hasn't been updated for a few years.  However, it is still a good list to search if you don't find what you're looking for elsewhere.

7. VMyths- Well referenced by specialists in the computer security field, VMyths takes Internet hoaxes and chain letters to a new level.  If you want to read what the real experts have to say about Internet hoaxes, virus scares, myths and legends, get it from Rob Rosenberger at VMyths.  Unfortunately, their lists are not comprehensive.

8. Symantec- I have a love-hate affair with Symantec.  I use their products but I've been burned by them several times lately.  That's a story for another post.  Their hoax list is pretty good but seems a little dated.  Maybe that's because most hoaxes today are really recycled from earlier hoaxes.

9. Trend Micro - They have improved their list lately with some good updates.  I like their style and formatting.  Obviously a company that sells AV solutions has a vested interest in keeping their hoax list up to date.  Check out their complete list of urban legends.  It has some entries that I have not seen elsewhere.

10. Virus Busters - A short list from the University of Michigan of hoaxes and legends that keep coming back.  Like the UofM, I have not seen a lot of new hoaxes lately - they are almost all repackaged oldies.  The list is not intended to be comprehensive but is a good reference point for what you will see on a regular basis.

I know I've missed the favorite site of somebody and would like to hear about it.  Add yours to the comments so we can all add to our knowledge of what's out there.  And may your New Year not include a batch of new employees who feel they must educate you about Bill Gates' desire to send you big bucks for forwarding chain letters.

Update: Several readers pointed out that I should have included TruthOrFiction.com in this list.  I agree.  I don't know how I missed this excellent site from Rich Buhler.  In fact, I would put it towards the top of the list.  Thanks.

27 comments
sweetsandals
sweetsandals

I hope you will update this article.  It is still timely, except for the information about F-Secure.  Please read their hoax site information here:  http://www.f-secure.com/virus-info/hoax/  They do not debunk any hoaxes except virus warnings.  It's not their purpose.   I've used F-Secure AV for over a decade, been virus free, and will never buy anything else.  Period.  Norton and McAfee are bad jokes in my opinion and I have been infected while using either of them. 

johnston6
johnston6

thatsNonsense.com is also good. not a complete listing but they have informative articles tha helped me. I also have dismissed a few hoaxes based on what they have said.

stoutcj
stoutcj

Thanks for the candid assessments of each site!!

Tink!
Tink!

I always liked Snopes. I have not gotten popups on that site . Many an email I've debunked with Snopes. Bookmarked the About Urban site. Will check it out later.

melekali
melekali

Thanks. You gave me #10 & the update.

frank_s
frank_s

The Department of Energy's "Hoaxbuster" site has been closed down. However there is www.hoaxbusters.org (which has an explanation about the DOE's site). I don't know how good it is because I haven't used it; but it might be worth a try. When you're verifying/debunking these things, I think it's best to look on two or three of the better debunking sites to be sure of getting accurate information.

done
done

I sent this to everyone in my address book, and added the comment that they should also or someone may phart in their direction causing unpleasantness.

lequitas
lequitas

I use yahoo for most of my searches and if I have recieved an email(I use yahoo free mail) on the topic it's always listed. It takes less time to assume it's bunk.

Larry the Security Guy
Larry the Security Guy

http://www.stellaawards.com/ We all remember Stella Liebeck who, in 1992, spilled coffee on herself and sued McDonald's because it was hot? There are a lot of fabricated stories, including the one about the Winnebago owner and cruise control, that may have been created to point out the problems in our (U.S.) legal system. But they're fabricated, and Randy's site helps to point them out. I get urban legend emails from friends and family all the time, usually one of those email petitions or some kind of hard luck story. For each one I first check Snopes and usually find a listing. I write back to the sender (or to everyone if they didn't BCC) and let them know it's bogus, and then ask them to check Snopes or some other urban legends resource before sending out more. Sometimes they learn, sometimes not.

deinsele
deinsele

I always rely on www.TruthOrFiction.com.

swheeler
swheeler

It's wonderful to commiserate. I worked at a software company whose salespeople and even my manager fell for chain mail. From the red shirt on Friday to gas boycotts - they fell for it.

karexx
karexx

Thank you! Thank you! Thank you! I forwarded the link to this article to everybody in my address book, warning them that if they didn't bookmark every site and forward the message to everybody in their address book that molten wax would settle in their ear canals and their pinkie toes would turn bright green.

howiem
howiem

I believe that scambusters.org and truthorfiction.com are worth adding.

JamesRL
JamesRL

Once upon a time, before the millions of people invaded the internet, there was a small group of people using usenet as a forum for all kinds of discussion. alt.folklore.urban or AFU (say it out loud)was one such group, with a charming set of rules and procedures. When I started reading and posting to AFU in 1992, Snopes (and his charming future wife Barbara) was a leading member. In fact I think my first post was to repond to something he posted, and I soon was taught some valuable lessons about trolling. The group had created an archive called Cathouse, and eventually it became a graphical website called The Archive Formerly Known As Cathouse, or tafkac for short (tafkac.org). Unfortunately when Snopes and Babs decided to go commercial they demanded the right to take all of their contributions to tafkac and forbid tafkac to display them. Many fast friends were parted and bitter feuds developed. The website hasn't been updated for years and the search engine is broken, but the archives stand as a good reference site, if not up to the minute up to date. And I'm not just saying that because I am a contributor. If you really want to debunk a myth, feel free to drop by alt.folklore.urban to discuss, though please feel free to read the FAQ first. The group is long passed its glory days, kinda Hotel California-ish, but there are still many learned people there who take their debunking seriously. We've heard it all before....usually. And watch out for the shibboleths (Austria/Australia as one example). James

Jaqui
Jaqui

without verifying if they are true or not? hit them where it counts. have a company policy that there is a 50 cent charge for every hoax / chain email sent to employees by another employee. the first paycheque where they get 50 cents per employee deducted for sending ONE of them will make them stop, or go broke.

inbox.com
inbox.com

My wife, her sisters & their friends are notorious for forwarding "too good to be true" or "FUD" emails. I normally use Snopes to debunk the crap but I will keep this list handy to reinforce "research before you forward" emails.

JamesRL
JamesRL

...the person that is. I met him online posting on alt.folklore.urban in the early 90s. But the website is pretty good. Actually I don't dislike him now, but when we first exhnaged barbs, he was the pestiest troll I'd ever met. Barbara(Ms. Snopes) is a great great human being. James

tim
tim

Somebody went to a lot of work to compile that list. Thanks for the link.

pvilan
pvilan

Thanks for your valuable info!

thart
thart

Are you telling me you have a policy like this in place? Did you not read the post? The employee sending out the hoaxes is a Sr. Level guy, probably holding more power than most IT Administrators. Policies like this are fun for us to fantasize about but would never get approved by upper management.

tim
tim

I know discussion of IT policy probably belongs elsewhere, but in my case, the official IT policy on this and many other items, even though posted on the intranet, is largely ignored. I slaved for weeks to craft the best policies, pulling from many sources in an attempt to cover most every possible scenario of computer use and abuse. I make sure I point it out to all the new employees as part of my IT orientation package. I even put a shortcut in their browser or on their desktop. They may glance at it once because frankly, who wants to wade through pages and pages of boring computer stuff. No, it's the old time employees and especially the executives who are the worst abusers of IT policy.

thart
thart

"No, it's the old time employees and especially the executives who are the worst abusers of IT policy." That's exactly my point! We can try all we want, but at the end of the day, when the guys paying your salary are the abusers, there's only so much you can do. Fortunately at my company the executives are easy to work with and actually respect my opinion (that's new). No wonder I like working here.