Don't be Fooled by Fakes

07/09/2020 11:19 By Bill

Just a Little Phish

Phishing emails come in all shapes and sizes: some seem extremely poor, and some look very authentic.


Both have their purpose.


The poor ones with spelling mistakes and bad grammar are not a mistake; they are intentional. The senders are looking to draw in those who will fall for the scam and will pay, so they are homing in on their ‘target market’. If you spot the mistakes, you are not the type of person who would fall for their scam, whether the email is perfectly written or not.


It is all about their conversion rates. We will be going into more detail on this in a future blog.


In the past they have done it to try to beat email security and spam filters. They have done their A/B testing and know what works!

If the email is coming from an individual as opposed to an organisation, the mistakes make it seem more authentic, because most people do not write their emails as a professional copywriter would.


We all make typos and don’t always use the correct grammar; we’re human and make mistakes, so when we receive such an email we can all associate with it. Recent attacks have mentioned an attachment in the email but haven’t attached anything. We’ve all done that, but the scammers do it to build rapport, as their ‘error’ is relatable.


Never dismiss the sender of a poorly written phishing email as stupid. Unfortunately, they are usually quite smart and have done their homework on human behaviour.


With emails sent from organisations we are usually less sympathetic to typos and grammatical errors; after all, they should go through a process and be proofread and approved.


See the example below that I have received today:

The above is a screenshot of an email received and viewed on my mobile phone. As you will be aware, mobile mail apps don’t usually show the full sender address, so unless you click on the sender’s ‘Display Name’ to see the full email address you could be duped into believing that it may be genuine.


If you were to compare this email to a genuine one from Amazon you would spot very few errors. The links at the top of the email to ‘Your Orders’, ‘Your Account’ and ‘Amazon.com’ are all genuine links that take you to the real Amazon site. This is a common tactic used by bad actors to provide a level of authenticity to their communication.


Can you spot any mistakes or grammatical errors in the email?


The ‘nasty’ is in the ‘Revise your payment’ link, which is the main link you are going to go for. With the current economic climate and everyone worrying about their financial position, such phishing emails are preying on the fear of a payment ‘bouncing’.
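The two checks described above (the real address behind the sender’s display name, and the one link that does not go to the brand’s own site), as an added Python example that is not part of the original post. The message is a constructed sample rather than the email in the screenshot, and the `.example` hosts, `check_message` and `brand_domain` are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the email from the screenshot; .example hosts are placeholders.
SAMPLE = """\
From: "Amazon.com" <billing@prime-renewal.example>
Subject: Your Prime membership payment was declined
Content-Type: text/html; charset="utf-8"

<p>Hello,</p>
<a href="https://www.amazon.com/your-orders">Your Orders</a>
<a href="https://www.amazon.com/your-account">Your Account</a>
<a href="https://www.amazon.com/">Amazon.com</a>
<a href="https://payment-update.example/revise">Revise your payment</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_in_domain(host, domain):
    # Exact match or true subdomain only; a substring test would be too loose.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand_domain="amazon.com"):
    """Hypothetical helper: compare the real sender and every link with the brand's domain."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg["From"])
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    off_brand = [(text, href) for text, href in collector.links
                 if not host_in_domain(urlsplit(href).hostname, brand_domain)]
    return {"display_name": display, "address": address, "off_brand_links": off_brand,
            "sender_matches_brand": host_in_domain(address.rpartition("@")[2], brand_domain)}
```

Calling `check_message(SAMPLE)` reports a display name of "Amazon.com" with a sender address outside amazon.com, and lists only the ‘Revise your payment’ link as off-brand; the three genuine links pass.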


Spelling and grammar are more important when impersonating a brand, as the expectation is that a brand’s emails will be checked before being sent out.


I can’t think of a single brand that would start their communication with just ‘Hello’. They will use your name, as opposed to nothing or ‘customer’ etc. If your email address has been part of a data breach elsewhere, the scammers may not have your name, and with personal email addresses it is difficult to get a name: how would you get a first name from skywalker785342@?


How could I easily tell it was a phishing scam? I don't have an Amazon Prime Membership!

We cannot be too careful when clicking on links in emails, even ones from trusted sources. A single momentary lapse can cause you a lot of grief and cost you money.


Pass what you learn on to those who don’t spend their working day in front of a computer and aren’t as tech savvy; that way we are all working towards reducing the threat.

Also, take one minute out of your day to report these emails. Nothing can be done about them if the relevant authorities or brands know nothing about them.


I forwarded this one on to stop-spoofing@amazon.com and report@phishing.gov.uk. It does make a difference and it does get acted upon.


For text scams, forward them on to 7726.

To find out all about the different methods of phishing, visit our pages using the links below:


Phishing           Spear-Phishing         CEO Fraud         Social Engineering

Bill