Written by David Harley, ESET We Live Security
Recently I’ve been seeing lightly-revised versions of a longstanding hoax (or perhaps I should say semi-hoax, since there seems to be a small nugget of truth buried in the misinformation).
Actually, it’s not extensively revised: basically, it warns against perfume sellers in supermarket car parks. Not, as you might think, because of the legal issues around buying and selling cheap copies passed off as branded goods, but because, it’s claimed, they are inviting women to take a sniff of ‘perfume’ which is actually ether or some drug with similar properties. The story goes that the victims immediately pass out, only to come round later to discover their ‘handbag, valuables and car keys’ are gone. The version I saw this morning claims that this is happening in Aldi car parks ‘across the country’, but the same claim is made in other versions about Tesco and Asda, while US-specific versions often cite Wal-Mart as the targeted supermarket.
Honey take a whiff on me*
Are supermarkets really such dangerous places? Not in this respect, at any rate. This story has been circulating since 2000 or so, and yet there have been no substantiated reports of such an attack. Somewhat bizarrely, the variants of the story that I’ve seen don’t describe actual attacks, but encounters with individuals who are presumed to be working up to such an attack. However, the potential victim claims that they refused to let the attackers get to the point of offering the perfume, having been alerted to the risk previously by a chain email.
Here is the sequence of events that is supposed to take place, according to several versions of the chain email:
- The victim is approached by two or three males and asked what perfume she uses.
- She’s asked if she’d like to try a ‘fabulous perfume’ that they’re offering very cheaply.
- She does so, passes out, and is robbed.
However, in most of the messages I’ve seen, the presumed attackers don’t get past stage one. If the messages are based on genuine encounters, it doesn’t mean that the people offering perfume were setting up a robbery. Snopes – always a good site to check when you receive alarming warnings through chain emails or social media – points out that scent companies do, in fact, hire people to sell their products door to door or in parking lots, and their behaviors may be consistent with that of the presumed attackers in the (semi-)hoax.
Bertha Johnson, of Mobile, Alabama, reported that when she pulled into a bank parking lot a woman offered to sell her bottles of cologne worth $45US for $8US each: however, after she tried sniffing a sample, she lost consciousness and was robbed of $800 she’d been carrying, including $300 of her employer’s money. Snopes lists several reasons why it is sceptical of that claim, and there has been no official verification.
As regards the subsequent warnings, there are at least two reasons to be sceptical: the absence of any official reports of such attacks, and the unlikely nature of the ‘instant knockout’ scenario. Stopes points out that:
Ether is nasty, volatile stuff that requires a great deal more than a few brief inhalations to knock a person out. In fact, it’s hard to think of any substance that could produce the instant unconsciousness described here.
More smelly stories
This isn’t the only dubious warning of attacks associated with perfume, though. Snopes also describes a hoax describing the fictitious deaths of a number of women who are supposed to have received deadly perfume samples in the mail. David Mikkelson believes this to be an offshoot of the supermarket car park story influenced by the (genuine) anthrax spore attacks of 2001 and the purely fictional Klingerman Virus (also the subject of a Snopes analysis here). Another hoax claims that the perfume samples are presented as ‘paper laced with drugs’.
Other warnings allege that attackers are using business cards or pieces of paper laced with burundanga, a street version of scopolamine hydrobromide. Burundanga is reported as having been used by criminals for its disorienting and disabling effects on victims, especially in Colombia and possibly in other parts of South America. In these cases, however, it’s probably administered in food or drink. In general, to have such a swift and debilitating effect on a victim, it must be ingested, inhaled or injected. It can be administered via the skin – in fact, transdermal patches are used to administer a form of scopolamine for the treatment of travel sickness – but the result is far less dramatic than indicated in the warnings to which I’m referring, and requires prolonged contact. David Emeryobserves:
Like the stories circulating in North America about criminals using ether-tainted perfume samples to knock out their victims, the burundanga emails trade on fear, not facts. They tell of alleged close calls with would-be attackers, not actual crimes. They are dysfunctional cautionary tales.
Emery also suggests that urban legends like this take the place of horror stories told around the campfire. He remarks:
We still enjoy scaring each other, only now we do it by the glow of a computer screen instead of a crackling fire.
Well, perhaps. But there’s a difference between tales told in a social situation where scary stories are expected, and misleading messages that can spread unnecessary fear and even panic. You can’t enjoy a scary story if you don’t realize that it’s fiction, and most of us don’t find initiating or spreading a scary story either funny or ethical if it’s spread with the intention of deceiving others who will pass it on in the belief that it’s true.
Check before you forward
Of course, most people don’t deliberately spread misinformation, but all too many people simply don’t check such warnings. Even if they aren’t sure that a story sounds quite right, they may pass it on ‘just in case’. But when others receive such messages from people they trust, they are all the more willing to pass it on, so the spread of misinformation accelerates.
One of the examples of the alleged car park scam/attack I saw was recently flagged on Facebook. Dr. Alan Solomon, one of the founding fathers of the anti-virus industry, also saw that post and asked the poster not to post fake news, citing his own blog from 2016: Two strikes and you’re out. In that blog, he warns readers that he now has a policy of blocking people from his own feed the second time they pass on ‘blatant nonsense’. I’m not sure I want to follow his example, tempting though it is. However, I certainly agree that ‘critical thinking’ and checking with Snopes (and other hoax-tracking sites, though Snopes is certainly one of the best) is the only responsible course of action before you even think about forwarding such alarming messages to others.
There’s no such thing as ‘too scary to take time to check’.