How to spot a web hoax

Every journalist learns (or should learn) how to evaluate sources and, as the web increasingly becomes a source for stories, we need to know whether the things that we stumble across there would make a good source. The internet has been an important part of my job as a journalist almost since I took my first full-time journalism job in 1994. Internet journalists have their own investigative skills, skills that will have to become more widespread as the internet becomes part of every journalist’s job.

I mention this in the wake of a hoax last week by Alex Hilton, aka the British political blogger Recess Monkey. For background, I’ll refer to the Guardian, my day job:

Been following the ding-dong over Tory MP Chris Grayling comparing parts of “Broken Britain” to Baltimore, the crime-ridden city shown in The Wire? What about the riposte from Baltimore mayor Sheila Dixon, who has hit back stating that comparing The Wire to the real Baltimore was “as pointless as boasting that Baltimore has a per capita homicide rate a fraction of that in the popular UK television show Midsomer Murders.” If only.

The British press, and to be fair the hometown Baltimore Sun, reported that the mayor of Baltimore rose to the defence of her fair city. The only problem is that she didn’t. The Guardian was one of the British newspapers that fell for the hoax.

I have to take my hat off to Alex. I’ve never had the pleasure of meeting him, but the hoax was very well executed. Alex created a Twitter account to promote the site. He created a YouTube channel and a video.

To create the site, he simply copied the underlying code from a web page from the official Mayor of Baltimore’s site and changed some of the content. This retained all of the links to the official site and the images were simply pulled from the official server. It’s an immaculate hack. He didn’t have to break into anyone’s server, just copy a web page and add his own content.

It’s a similar trick to phishing scams. It looks like or your bank, but you’ve actually just been sent to some mobsters’ site in Russia or a naked IP address. (I don’t mean to disparage the good people of Russia, but a helluva lot of phishing scams are .ru.) You have to be pay attention to the web address to notice that you’ve suddenly been teleported somewhere else on the web.

Alex explains his motivations and the clues that he left to tip anyone off that it was a joke:

So what else did I do to make sure this wasn’t seen as the true views of the Mayor of Baltimore or an attempt to deceive anyone or to smear Chris Grayling? I registered the domain in my own name. I squirrelled in the English spelling of “dishonoured” as a clue. I put at the bottom of the page, “Copyright R Monkee Esq” and linked it to my currently decrepit Recess Monkey website. I put the following message on Recess Monkey for anyone who cared to follow the link:

Sorry, RecessMonkey is on holiday in Maryland. Right mouse button click view source (but not on this website) R Monkee Esq.

If you had looked at the source on the site, you would have found this:

OK, so I’m just having a bit of fun at Chris Grayling’s expense. Sitting in the office on a hot August afternoon, I was fantasising that I was Mayor of Baltimore and how annoyed I would be. I hope you very quickly picked up that this was a spoof. Didn’t mean to break any laws or ethical mores – please don’t extradite me if I have unwittingly done so. Hope you appreciate the humour, Alex Hilton, – 07985 384 859

Alex expected journalists to spot the humour and the hoax, but it was reported as fact. He rang the Guardian switchboard and was put through to me. He was trying to ratchet down the media furore. The Guardian media desk wrote a brief story about the hoax, and I alerted the news desk so the correction process could begin.

So, what gives a hoax like this away? Here’s your three point guide to spotting when someone’s pulling your leg.

  1. Pay attention to the URL
    When a colleague sent me the website address, I spotted the hoax immediately. I didn’t even need to see the site to know it was a fake. How? The URL was, not .gov or In a UK context, that’s similar to a fake Downing Street site with the address instead of Org addresses are for non-profits not for governmental websites.
  2. Who owns the site?
    Finding out who owns a site is easy. Do a WHOIS lookup, and you’ll find out not only who owns the site, but sometimes even their contact details. Most of the time this is corporate information that won’t give you a person to ring, but as Alex says, he registered the site in his own name.
  3. Hover over the links
    Why? If you hover over the links, you would have seen they went to a different address, not It could save you from a phishing scam and it could have prevented journalists from falling for this hoax.
  4. Be wary of a Twitter account with only one update
    Alex created a fake Twitter account, and the only update linked to his fake press release. That’s a big warning sign to me.

Alex also hid a huge clue in the source code, including his mobile phone number and his e-mail address. To see the underlying code of a web page in Firefox, go to the View menu and scroll down to Source. For Internet Explorer, go to Page on the menu bar and scroll down to Page Source. UPDATE: A commenter on Twitter admitted she probably wouldn’t have thought to look at the source code of the page. I looked at the code because I wanted to see how Alex had cloned the page. When things look fishy, the code can reveal a lot. Alex also made it clear on Recess Monkey that there was an Easter Egg hidden there as well.

Much of what I have described were once specialist skills that only web geeks needed to know, but as the web becomes more of every journalists’ job, having these relatively simple skills might be the thing that prevents you from falling for the next hoax. These are not technical skills anymore. They are skills you need to evaluate a source on the web, conduct an investigation and protect your credibility as a journalist.