Why phishing emails contain errors?

2022-05-04

Phishing poses a serious threat to both individuals and companies.

The phishing statistics give an idea of the prevalence and severity of phishing attacks, which are mainly carried through email phishing as primary vector (96%1 according to “IBM's 2021 Cost of a Data Breach Report.

The objective of a phishing attack is to steal credentials to victims or steal personal information, thus the hacker can perform any type of fraud.

Whilst phishing can take many forms and the bad actor can request various types of information to the target, all emails and communication share some characteristic.

You have probably noticed that, all the phishing mails are poorly written and some details may let us think they are somewhat unprofessional.

Accuracy and well-written emails share insights about the sender characteristic.

Would you ever reply to a marketing mail if it contains mistakes?

Probably not because, if the company would present the product with missing components or broken parts you would consider this as a poor-quality brand and eventually not buying from them.

This does not happen with phishing emails, which share this low accuracy and sophistication.

Whilst legitimate mail communications present a clear and neat structure, most frauds are characterized by the presence of words with grammar errors and misspellings.

What is the reason?

Although English as a language is simple and represents the most spoken language in the world, only 20% of the population is a native speaker.

This results in a nightmare for non-native people who have to learn and master this language in both spoken and written communication.

Nevertheless, only few proficient people can detect spelling errors, thus the rest is more prone to overlook such imprecisions because they are naïve.

Therefore, the question is why do they choose to write so badly if such communications only raise the attention of the most gullible people?

It is somehow a limitation to the effectiveness of the phishing campaign itself and bad actor should improve the quality of such mails.

This is intentional, because writing perfect emails can be counterproductive too.

Some bad actors deliberately use poor grammars and typos in order to get the attention of the victims.

Not all hackers use poor quality mails but they are aware that spam filters may detect scams.

Indeed, every mail provider implements an algorithm which is capable of detecting phishing emails and iteratively learn and detect such patterns.

If you receive so many emails from a specific sender or with a similar content, that mail would be put in the spam folder automatically by your email client.

Some email filters specifically look for exact matches of keywords which are relevant for scammers.

Therefore, if some words are misspelled they would not be detected by spam filters, thus reaching the inbox of the victims.

Email typos have also another great use case, which relates to human psychology.

Nowadays, gaining the attention of any type of audience is becoming more and more complicated, especially of the youngest people.

If an email contains misspelled word, it is easier for the victim to raise the attention and check the content.

Going through the content to check mistakes increase the chances of this mail being read.

How does a poor quality scam email looks like?

Here's some examples

 

Phishing email typos example | White Blue OceanPhishing email typos example | White Blue Ocean

Phishing email typos examples | White Blue Ocean

Phishing email typos examples | White Blue Ocean

 

 

Reference List

https://www.egress.com/resources/cybersecurity-information/phishing/2021-phishing-statistics 

https://medium.com/purple-theory/why-are-scam-emails-so-poorly-written-6fd186811401

https://umbrella.cisco.com/blog/grammar-and-spelling-errors-in-phishing-and-malware

https://www.ibm.com/downloads/cas/OJDVQGRY

https://www.proofpoint.com/it/threat-reference/phishing

 

Related news

How to tidy up a data-irresponsible past
2022-04-11

The world has never been more interconnected than at the present time, through devices like smartphones, laptops, and The risks of IoT devices, that create, collect, transmit, process, analyse, copy and store unprecedented amounts of data. This has led to concerns on how much control users have over their own data, and what level of privacy they can maintain when navigating online. Read more...

Read more
SIAE Data Breach
2021-10-21

News of the latest cyberattack comes from Italy, where on the afternoon of the 20th October it was disclosed that SIAE, the Italian Society of Authors and Publishers, was targeted by a ransomware attack. SIAE, which was founded in 1882, is the Italian copyright collecting agency for artists in different areas of the entertainment industry, including television, music, theatre, visual arts and literature, and aims to guarantee that artists receive the right remuneration for their work.

Read more
Ukraine donation scams | White Blue Ocean Blog
Watch out for fake charities asking for donation to support Ukraine
2022-05-17

Amid Russia’s invasion of Ukraine, there have been several warnings on spikes in fraudulent activity carried out by criminals seeking to capitalise on the Ukrainian humanitarian crisis. Numerous reports from across the world show that fraudster are currently tricking people into making donations to fake charities, in order to then pocket the money that was meant to help Ukrainian refugees. It is thought that the amount of money siphoned by fraudsters since the beginning of Russia’s invasion could be of millions of dollars.

Read more
New cyber extortionists on the block: the Lapsus$ gang
2022-04-27

In just 5 months the Lapsus$ cyber gang has become one of the most talked about hacker groups, going from launching localised attacks, to conducting a large-scale extortion campaign, successfully breaching technology giants and stealing their source codes.

Read more
The Best and Worst Films about Cyber Security
2022-01-11

Cyber Security lessons can be learned from films, television programmes and documentaries.

Read more

Contacts

Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!