You find a message in your E-mail in-box warning you of imminent disaster. A computer virus. A hidden piece of privacy-breaching software. A little boy with an incurable disease whose last wish is to make the Guinness Book of World's Records. It's up to you, the E-mail urges you, to take action. What do you do? That's the question more and more people are asking themselves, more and more often, as the Internet grows in reach, and new rumors, pranks and hoaxes circulate through an ever larger, and ever more vulnerable, population. These E-mail chains are often merely irksome, like the case of a boy who circulated messages aimed at putting him in the record books for receiving get-well cards (he's received tens of millions of cards, despite the fact that he isn't ill). In most cases, the worst they spread is fear and uncertainty, like the recurrent warnings about a supposed virus called "GoodTimes" (the virus doesn't exist). In a few cases, hoaxes seem to have been started to foster ill will against an organization, like a recent story alleging a covert breach of its users' privacy by America Online. The Internet, with its ability to instantly distribute information in a personal, almost impulsive way, is the perfect medium for hoaxes, according to technology writer Clifford Stoll: "E-mail is a great way to spread urban myths, rumors, gossip, and lies." Konrad Roeder, a systems engineer and Internet columnist, agrees: "Not only is the Internet providing very fast connections between people, it allows urban legends to be transmitted rather rapidly," he said. This can have another pernicious side-effect: "In turn, many get into printed publications and are taken as fact." Though warnings or notices received over E-mail might seem important and authentic at first glance, they're often surprisingly easy to debunk; the problem is that most people, caught up in the moment, don't bother to authenticate what they're reading before forwarding the warning to all their loved ones, business associates, fellow PTA members, etc. According to Stoll, the first warning sign is if a message has been forwarded to a long chain of people, or if carbon-copies have been mailed to more than two or three others. Stoll maintains that if a message is being distributed by E-mail, the chances are it's either unimportant or simply fake. "Rarely are legitimate warnings sent widely by E-mail," Stoll said. "Because E-mail is a bad way to get a message out widely, quickly. You're depending upon other people to relay the message." Even if warnings are going out by E-mail, Stoll said, they will almost always be accompanied by advisories on reputable Web sites, newspapers, and other media. The U.S. Department of Energy maintains a useful resource that lists major hoaxes as they come up. (The site also offers advice on identifying hoax E-mails.) And the Usenet portion of the Internet is quick to pick up on hoaxes; Usenet can be searched via DejaNews. Another way to tell truth from fiction in the E-mail world is simply by paying attention to the way the message is written. Konrad Roeder points out that every hoax E-mail exists primarily to replicate itself as many times as possible, and therefore, it will always include two elements: first, it will provoke an emotional response, and second, it will urge readers to act on their emotions by forwarding the message to as many people as possible. "In a sense, what's happening is it's a thought virus," Roeder said. "They affect you, making you feel something, and then get you to pass [the message] on to other people." Because of the clever way it's put together, the recent "killer cookie" story about America Online is hard to definitively identify as a hoax; but a close-reading reveals enough identifying marks to make a pretty sure judgment. The E-mail would seem to present a compelling story: claiming to be from a former AOL employee, it warned that the latest version of the service's software included a feature that would allow AOL to read the contents of its users' hard drives. While none of what was described in the letter is technically impossible, it is extremely unlikely. But how do you discredit a message that's claiming to expose a secret plot? Any denials by AOL