ABC’s of Security: H – Hoaxes, Legends, or Legitimate Email: You be the Judge

The advent of email has been both a blessing and a curse. By making communication so much easier, contact – both desired and undesired – increased exponentially. Unfortunately, as time has told, most of this communication was in fact unwanted. Chain letters have become a huge issue, and many users’ inboxes have become filled with these hoaxes and urban legends. However, by identifying chain mail and validating claims, users can avoid falling for these deceptive emails. 

Chain letters, regardless of their type, are identifiable by a few consistent attributes. First, the message often comes with a threat or a promise; for example, threatening tragedy to the reader, or offering money or gift cards. Second, they frequently exaggerate their own importance, and may explicitly claim not to be a hoax. Third, these letters are typically riddled with spelling and grammatical errors, and poorly written emails deserve extra scrutiny. Last and most importantly, the chain letters in particular will encourage the user to forward it, or display a history of such in the subject line. 

Identifying these emails is particularly important due to their subject matter. Chain mail can typically be divided into two categories: hoaxes and urban legends. In the first, users are deliberately tricked to believe some sort of claim, often to extract personal information. For

example, users may believe there has been a credit breach, and provide their SSN to an illegitimate website. In urban legends, users are tricked to believe some false claim, such as some kind of impending threat that everyone must be warned about; this may be intended to spread ignorance or extract money from the reader. In either case, spreading these emails isn’t just an annoyance, but may genuinely harm less scrutinous readers. 

If the legitimacy of an email is ever doubtful, there are a few resources users may use to validate the email. For general fact checking, and especially outrageous claims, Snopes offers a vast list of claims paired with full investigations. In addition to specifying whether the claim is true or false, the site provides a plethora of background information with cited sources. Truth or Fiction is another such site, documenting outrageous claims and fake news with excellent documentation. Symantec offers a similar service, but specifically targeted towards security risks. By acting scrutinous and employing these resources, users should avoid most threats.  

Author: Grey Ruessler, IT User Services 


Householder & McDowell. March 11th, 2011. Identifying Hoaxes and Urban Legends. Department of Homeland Security: CISA. Retrieved from 

Mikkelson, David. September 27th, 2009. Chain Letters. Snopes. Retrieved