Why do phishing emails contain errors?


Phishing poses a serious threat to both individuals and companies.

Phishing statistics give an idea of the prevalence and severity of phishing attacks, which are mainly carried out through email as the primary vector (96%, according to IBM's 2021 Cost of a Data Breach Report).

The objective of a phishing attack is to steal the victims' credentials or personal information, so that the hacker can commit any type of fraud.

Whilst phishing can take many forms and the bad actor can request various types of information from the target, all such emails and communications share some characteristics.

You have probably noticed that phishing emails are poorly written, and that some details make them look somewhat unprofessional.

The accuracy and quality of an email's writing give insight into the characteristics of its sender.

Would you ever reply to a marketing mail if it contains mistakes?

Probably not: if a company presented its product with missing components or broken parts, you would consider it a poor-quality brand and ultimately not buy from it.

This does not happen with phishing emails, which share this low level of accuracy and sophistication.

Whilst legitimate mail communications present a clear and neat structure, most frauds are characterized by grammatical errors and misspellings.

What is the reason?

Although English is a simple language and the most spoken language in the world, only 20% of the population are native speakers.

This makes it a nightmare for non-native speakers, who have to learn and master the language in both spoken and written communication.

Nevertheless, only a few proficient people can detect spelling errors; the rest are more prone to overlook such imprecisions because they are naïve.

The question, therefore, is why attackers choose to write so badly if such communications only attract the attention of the most gullible people.

This appears to limit the effectiveness of the phishing campaign itself, so one would expect bad actors to improve the quality of such emails.

The poor writing is intentional, because writing perfect emails can be counterproductive too.

Some bad actors deliberately use poor grammar and typos in order to get the attention of the victims.

Not all hackers use poor-quality emails, but they are aware that spam filters may detect scams.

Indeed, every mail provider implements an algorithm that is capable of detecting phishing emails and of iteratively learning their patterns.

If you receive many emails from a specific sender or with similar content, those emails will be put in the spam folder automatically by your email client.

Some email filters specifically look for exact matches of keywords which are relevant for scammers.

Therefore, if some words are misspelled, they are not detected by such spam filters, and the email reaches the victims' inbox.
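The gap between exact keyword matching and misspelled text can be shown from the filter's side. The following Python sketch is an added example, not code from the article or from any mail provider; the keyword list, the character-substitution map, the 0.8 threshold and the sample subject lines are all constructed assumptions.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed watch-list (assumption); production filters use larger, weighted lists.
KEYWORDS = {"password", "verify", "account", "invoice", "suspended"}

# Small sample map of digit/symbol look-alikes folded back to letters (assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def exact_hits(text: str) -> set[str]:
    """Exact keyword matching, as described in the article."""
    return {w for w in re.findall(r"[a-z]+", text.lower()) if w in KEYWORDS}


def tokens(text: str) -> list[str]:
    """Strip accents, lower-case, fold look-alike characters, split into words."""
    ascii_text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.findall(r"[a-z]+", ascii_text.lower().translate(LEET))


def fuzzy_hits(text: str, threshold: float = 0.8) -> set[str]:
    """Keywords whose similarity to any normalized token reaches the threshold."""
    return {
        kw
        for tok in tokens(text)
        for kw in KEYWORDS
        if SequenceMatcher(None, tok, kw).ratio() >= threshold
    }


# Constructed subject lines: clean, misspelled, character-substituted, benign.
SAMPLES = [
    "Please verify your account password",
    "Plese verfy you acount pasword now",
    "Your acc0unt is su$pended",
    "See you at lunch on Friday",
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(f"{subject!r}: exact={sorted(exact_hits(subject))} "
              f"fuzzy={sorted(fuzzy_hits(subject))}")
```

Lowering the threshold catches heavier misspellings but starts flagging unrelated legitimate words, so it has to be tuned against real benign mail.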

Typos in emails also serve another purpose, which relates to human psychology.

Nowadays, gaining the attention of any type of audience is becoming more and more complicated, especially that of the youngest people.

If an email contains a misspelled word, it more easily catches the victim's attention and prompts them to check the content.

Going through the content to check for mistakes increases the chances of the email being read.

What does a poor-quality scam email look like?

Here are some examples:


[Images: phishing email typos examples | White Blue Ocean]


The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.

The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.
