The series of Bill Gates email chain letters is topping the charts as the most prevalent
scam on the Internet, choking corporate in-boxes, clogging bandwidth and causing headaches
for IT managers.
The Bill Gates email has a string of variants, some going back several years and a few brand
new ones just going out in the wild, according to Sophos, Inc., a security and anti-virus
company based in Lynnfield, Mass. One variant of the email chain letter claims that Gates,
chairman of Microsoft Corp., is teaming up with British Airways to give away free plane
tickets to anyone who forwards the email to 10 or more people. A more recent variant claims
that Gates himself will pay $245 for every person you forward it to.
“It’s obviously just nonsense,” says Chris Belthoff, a senior security analyst with
Sophos. “Even though they seem benign, the downside of these hoaxes is that they’re a
productivity issue, and a network and bandwidth issue. They end up being the bane of most IT
managers.”
Dan Woolley, a vice president at network security company SilentRunner, says no matter how
long hoaxes have been around, people keep falling for them — and they continue to be an IT
problem.
”What’s so funny is that there are still so many people who will send this around,” says
Woolley. ”I got one on my home system from a top-level security guy. He sent it to 30 or 40
people. People are just gullible. I don’t understand why they fall for it, but they do.”
And Woolley adds that they’re sending them around to a lot of people.
”You open up your mailbox and think, ‘Well, let me send this one to 15 or 20 people.’, says
Woolley. ”That affects productivity, especially when people start responding to it.”
Stopping these hoaxes from wasting time and network space is a matter of employee education,
says Tony Magallanez, a systems engineer at F-Secure Inc., a data security and anti-virus
company.
”It’s an ongoing process,” he says. ”Human education is always an ongoing process. People
in the workplace are learning that these are hoaxes and they’re unreliable.”
But analysts generally agree that it’s IT’s responsibility to make sure employees are
learning these lessons — about hoaxes, email fraud, identity theft or spam.
”Educate people that any email that encourages forwarding is not legitimate,” says Sophos’
Belthoff. ”It’s either a hoax, or a virus or both… The biggest key is user education. IT
departments need to take an active role in somehow ensuring that there is education. In the
end, it will only make their jobs easier.”