A hoax is another element of social engineering in which the attacker presents a fictitious situation as real. It is related to the idea of a scam, though in a hoax, the attacker's goal is not necessarily financial gain. The following are some examples of hoaxes that may convince unsuspecting users:
- A pop-up that says an antivirus program identified the presence of malware on a target's system. The target should click a link in order to fix this infection. In reality, the link itself leads to malicious code.
- An email claiming to be from a citizen of a foreign country asks the target to help them access funds in a bank account. They request that the target send them money in advance and that they will receive a percentage of the total sum in the account. In reality, there is no such account, and the attacker simply takes the money the victim sends them.
- An email claiming to be from Amazon says that the target's account has been flagged for suspicious activity. The target must sign in to Amazon and confirm that the account has not been compromised. In reality, the sign in link goes to a pharming website that steals the user's credentials.
- A blog post claiming that most computer performance issues are the result of RAM that has not been "cleaned" often enough. The post offers steps for how to perform a "clean" operation at the command line. In reality, this command has formatted a user's storage drive, completely wiping its contents.
