
News Phlash for Phishers: Grammar are Critical if You Want to Stealing from People

“Oh no, not again!” It looks like another one of my non-existent bank accounts has been blocked at Bank of America. But that’s cool, because I like, totally graduated from third grade. Knowing best for all grammar and words in email. Let’s examine yet another idiotic phishing attempt, shall we? First, let’s have a look at the full-meal deal (sans bank logos, links, and other forged minutiae):

From : abuse@bankofamerica.com
Date : Wednesday, November 07, 2007 6:19 AM
To : none
Subject : Online Banking Alert

——————————

Your Online Banking is Blocked

Because of unusual number of invalid login attempts on you account,
we had to believe that, their might be some security problem on you
account. So we have decided to put an extra verification process to
ensure your identity and your account security. Please click on
sign in to Online Banking to continue to the verification process
and ensure your account security. It is all about your security.
Thank you, and visit the customer service section.

——————————

Yes indeed, another amazingly pathetic phishing attempt. To quote an old intergalactic smuggler:

“What an incredible smell you’ve discovered..”

First of all, it needs to be said that, especially in our modern, “phishing-aware” world, it is absolutely critical for would-be phishers to comprehend thoroughly the language in which their bait will be delivered. This is especially true when it comes to the emulation of formal communication from legitimate business establishments such as banks, online shops, and governmental offices.

As professional business institutions, these organizations place great importance on public communication. They employ college graduates to fashion grammatically correct emails, form letters, and other critical correspondence. The writers of formal business documents are careful to capture that subtle tone of professional, authoritative confidence, harmonizing each communicative effort with an unmistakable, universally resonating corporate lingo. Further, the crafting and delivery of these messages have been practiced and refined throughout centuries of capitalistic enterprise and governmental bureaucracy, familiarizing masses of consumers worldwide with a distinctly formal tone of legitimate information.

In fact, people have become so familiar with this standardized, uniformly employed communicative format, that suspicion arises with even the slightest hint of artificiality. Indeed, for many people, even the most subtle discrepancy in the rhythmic nuances of a supposedly legitimate email immediately implies fraud.

Especially in our modern world, where cyber-crime is at an all-time high, businesses place an enormous deal of importance on all of their official correspondence, email or otherwise. Every jot and tittle is absolutely critical to produce a convincing message — don’t even think about phishing if you can’t even manage some basic grammar.

Nonetheless, if a firm grasp of the native language proves impossible, and the subtle nuances of standard business lingo remain elusive, then the best you scum-sucking cyber-criminals can do involves avoiding some of the more obvious mistakes while creating your next masterpiece. You know the ones: mistakes that make you go “hmmm..” Here is a short list of some key areas that need to be addressed during your next phabulous phishing adventure:

Banks address their customers by name

Check out the “To :” field in the email header shown above. What does that say? It says: “none.” As if to imply that the “Abuse” department of a major banking institution would actually send me a highly confidential email concerning my account security and verification without addressing me by name. This is such a brain-dead giveaway that it is hard to even imagine. Of course, the reason phishers use the term “none” is because it is less obvious than using an incorrect name, which would be even more of a dead giveaway.

Banks are professional organizations, not mercenaries

Here’s a tip: banks don’t send this type of correspondence to their customers, and if they do, they generally open with a formal greeting of some sort, or, at the very least, address you by name. What they do not do is slap you upside the head with gestapo-like warnings such as “Your Online Banking is Blocked.” Give me a break. Instead, banks and other business institutions actually value their customers’ business and are fully aware of scare-tactic phishing tricks such as attempts to “scare” the victim into action.

Basic grammar are critical if you want to stealing from people

Forget tone. Forget subtle rhythmic nuances, iambic pentameter and all of that. Instead, let’s just focus on the basics, shall we? Examining the email presented above, here are a few quick pointers for you:

  • “Because of unusual number” » ..um, yeah. What are we, cavemen or something?
  • “attempts on you account”.. » okay, obviously, “your” not know “you” pronouns
  • “we had to believe that, their might be some security problem on you account.” » ..yikes, that’s just hideous.
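The three giveaways above (no real recipient or greeting by name, an alarmist headline, basic grammar slips) can be turned into a simple mail-triage check. This is an added example, not code from the original post: the function name `assess`, the word lists and regexes, and the benign message are assumptions, and the phishing sample is the email quoted above with its header lines normalised to standard `Name: value` form.

```python
import re
from email import message_from_string
from email.utils import getaddresses

ALARM = re.compile(r"\b(blocked|suspended|locked|disabled)\b", re.I)
GREETING = re.compile(r"^\s*(?:dear|hello|hi)\s+(?!customer|user)\w", re.I | re.M)
GRAMMAR = [  # slips of the kind quoted in the post (assumed patterns)
    re.compile(r"\b(?:on|to|of|for|in)\s+you\s+account\b", re.I),   # "you" for "your"
    re.compile(r"\btheir\s+(?:might|is|are|was|will)\b", re.I),     # "their" for "there"
    re.compile(r"\b(?:because of|due to)\s+unusual\s+number\b", re.I),  # missing article
]

def assess(raw):
    """Return {indicator: evidence} for a single-part plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    headline = next((l.strip() for l in body.splitlines() if l.strip()), "")
    found = {}
    if not any("@" in a for _, a in getaddresses(msg.get_all("To", []))):
        found["recipient"] = msg.get("To", "<missing>")   # e.g. "none"
    if not GREETING.search(body):
        found["greeting"] = "no greeting by name"
    if hit := ALARM.search(msg.get("Subject", "") + " " + headline):
        found["alarm"] = hit.group(0)
    flat = " ".join(body.split())                         # undo hard line wraps
    if slips := [m.group(0) for p in GRAMMAR for m in p.finditer(flat)]:
        found["grammar"] = slips
    return found

# Constructed samples: PHISH reuses the text quoted in the post; BENIGN is invented.
PHISH = """\
From: abuse@bankofamerica.com
To: none
Subject: Online Banking Alert

Your Online Banking is Blocked

Because of unusual number of invalid login attempts on you account,
we had to believe that, their might be some security problem on you
account.
"""

BENIGN = """\
From: statements@bank.example
To: Pat Example <pat@example.com>
Subject: Your October statement is ready

Dear Pat Example, your October statement is now available in online banking.
"""
```

Heuristics like these only rank messages for review; a message that passes all of them still needs sender-authentication checks before it is trusted.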

Wrapping up then, if this phishing critique seems a little harsh, just wait until the next one. The stinking holes that perpetuate this idiocy deserve far worse than what is delivered via this paltry post. Unfortunately, despite the obviousness of such pathetic phishing attempts, there are people out there in the far corners of cyberspace who actually fall prey to such mindless deception. Hopefully, silly articles such as this will help spread the word about the ridiculous nature of these phoolish phollies.

About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.

2 responses to “News Phlash for Phishers: Grammar are Critical if You Want to Stealing from People”

  1. thanks! you just gave me an idea for making my first million: create a site that functions as a virtual market place where penniless college students majoring in English can contract out their writing skills to non-English-speaking phishers. It’s a marriage made in heaven!

  2. Perishable 2008/05/04 7:27 am

    Been there, done that! How do you think I made my many millionz? ;)
