News Phlash for Phishers: Grammar are Critical if You Want to Stealing from People

“Oh no, not again!” It looks like another one of my non-existent bank accounts has been blocked at Bank of America. But that’s cool, because I like, totally graduated from third grade. Knowing best for all grammar and words in email. Let’s examine yet another idiotic phishing attempt, shall we? First, let’s have a look at the full-meal deal (sans bank logos, links, and other forged minutiae):

From    : abuse@bankofamerica.com
Date    : Wednesday, November 07, 2007 6:19 AM
To      : none
Subject : Online Banking Alert

------------------------------

Your Online Banking is Blocked

Because of unusual number of invalid login attempts on you account, 
we had to believe that, their might be some security problem on you 
account. So we have decided to put an extra verification process to 
ensure your identity and your account security. Please click on 
sign in to Online Banking to continue to the verification process 
and ensure your account security. It is all about your security. 
Thank you, and visit the customer service section.

------------------------------

Yes indeed, another amazingly pathetic phishing attempt. To quote an old intergalactic smuggler:

“What an incredible smell you’ve discovered..”

First of all, it needs to be said that, especially in our modern, “phishing-aware” world, it is absolutely critical for would-be phishers to comprehend thoroughly the language in which their bait will be delivered. This is especially true when it comes to the emulation of formal communication from legitimate business establishments such as banks, online shops, and governmental offices.

As professional business institutions, these organizations place great importance on public communication. They employ college graduates to fashion grammatically correct emails, form letters, and other critical correspondence. The writers of formal business documents are careful to capture that subtle tone of professional, authoritative confidence, harmonizing each communicative effort with an unmistakable, universally resonating corporate lingo. Further, the crafting and delivery of these messages have been practiced and refined throughout centuries of capitalistic enterprise and governmental bureaucracy, familiarizing masses of consumers worldwide with a distinctly formal tone of legitimate information.

In fact, people have become so familiar with this standardized, uniformly employed communicative format, that suspicion arises with even the slightest hint of artificiality. Indeed, for many people, even the most subtle discrepancy in the rhythmic nuances of a supposedly legitimate email immediately implies fraud.

Especially in our modern world, where cyber-crime is at an all-time high, businesses place an enormous deal of importance on all of their official correspondence, email or otherwise. Every jot and tittle is absolutely critical to produce a convincing message — don’t even think about phishing if you can’t even manage some basic grammar.

Nonetheless, if a firm grasp of the native language proves impossible, and the subtle nuances of standard business lingo remain elusive, then the best you scum-sucking cyber-criminals can do involves avoiding some of the more obvious mistakes while creating your next masterpiece. You know the ones: mistakes that make you go “hmmm..” Here is a short list of some key areas that need to be addressed during your next phabulous phishing adventure:

Banks address their customers by name

Check out the “To :” field in the email header shown above. What does that say? It says: “none.” As if to imply that the “Abuse” department of a major banking institution would actually send me a highly confidential email concerning my account security and verification without addressing me by name. This is such a brain-dead giveaway that it is hard to even imagine. Of course, the reason phishers use the term “none” is that it is less obvious than using an incorrect name, which would be even more of a dead giveaway.

Banks are professional organizations, not mercenaries

Here’s a tip: banks don’t send this type of correspondence to their customers, and if they do, they generally open with a formal greeting of some sort, or, at the very least, address you by name. What they do not do is slap you upside the head with gestapo-like warnings such as “Your Online Banking is Blocked.” Give me a break. Instead, banks and other business institutions actually value their customers’ business and are fully aware of scare-tactic phishing tricks such as attempts to “scare” the victim into action.

Basic grammar are critical if you want to stealing from people

Forget tone. Forget subtle rhythmic nuances, iambic pentameter and all of that. Instead, let’s just focus on the basics, shall we? Examining the email presented above, here are a few quick pointers for you:

  • “Because of unusual number” » ..um, yeah. What are we, cavemen or something?
  • “attempts on you account”.. » okay, obviously, “your” not know “you” pronouns
  • “we had to believe that, their might be some security problem on you account.” » ..yikes, that’s just hideous.
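The three giveaways above, turned into a mail-triage check (an added example, not part of the original post): it parses the quoted message and returns a label for each red flag it finds. The function name, the label strings, the word lists and the contrast message are assumptions made for this illustration.

```python
import re
from email import message_from_string

# The message quoted in the post (headers and first sentence; Date omitted).
PHISH = """From: abuse@bankofamerica.com
To: none
Subject: Online Banking Alert

Your Online Banking is Blocked

Because of unusual number of invalid login attempts on you account,
we had to believe that, their might be some security problem on you
account.
"""

# Constructed contrast message; names and addresses are invented.
CLEAN = """From: statements@bank.example
To: Pat Doe <pat.doe@mail.example>
Subject: Your October statement is ready

Dear Pat Doe,
Your statement for October is now available in online banking.
"""

GENERIC = {"customer", "user", "member", "client", "sir", "madam"}
SLIPS = [r"\bof\s+unusual\b", r"\b(?:on|to|of|for)\s+you\s+account\b",
         r"\btheir\s+(?:might|is|are|will)\b"]

def red_flags(raw):
    """Return labels for the post's red flags found in one raw message."""
    msg = message_from_string(raw)
    body, flags = msg.get_payload(), []
    # 1. "To: none": the recipient header carries no real address.
    if not re.search(r"[^\s<@]+@[^\s>@]+", msg.get("To", "")):
        flags.append("no_named_recipient")
    # 2. No greeting by name up front ("Dear Customer" does not count).
    opening = [l for l in body.splitlines() if l.strip()][:3]
    named = [m.group(1).lower() for l in opening
             if (m := re.match(r"\s*(?:dear|hello|hi)\s+(\w+)", l, re.I))]
    if not any(n not in GENERIC for n in named):
        flags.append("no_personal_greeting")
    # 3. Scare-tactic wording such as "Your Online Banking is Blocked".
    if re.search(r"\b(?:blocked|suspended|locked|disabled)\b", body, re.I):
        flags.append("scare_tactic")
    # 4. Grammar slips of the kinds picked apart in the list above.
    hits = sum(len(re.findall(p, body, re.I)) for p in SLIPS)
    if hits:
        flags.append(f"grammar_slips={hits}")
    return flags
```

Each label is an indicator to weigh alongside sender authentication results, not a verdict on its own.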

Wrapping up then, if this phishing critique seems a little harsh, just wait until the next one. The stinking holes that perpetuate this idiocy deserve far worse than delivered via this paltry post. Unfortunately, despite the obviousness of such pathetic phishing attempts, there are people out there in the far corners of cyberspace who actually fall prey to such mindless deception. Hopefully, silly articles such as this will help spread the word about the ridiculous nature of these phoolish phollies.