Content Strategy and Words for Business on the Web • • Feature Post Sales vs. Marketing

« Playing with WordPress 2.5 | Blog Home | Cartoon - Hands On Managers »

Use Grammar to Catch Phish

By Brad Shorr | April 10, 2008

word-sell-spammer.JPG
Here’s an official looking piece of email I received today –

Dear PayPal User,

We are sorry to inform you that due to our recent security improvements you must
confirm your account information in order to keep it running in a perfect condition.
You are requested by PayPal to Log In and to verify all the requested information.
Please notice that submiting wrong information may lead to PayPal account removal.
We know that is an inconvinience to you, but please understand that this is a very
important security measure for us for keeping your account safe and secure.
If you have any questions feel free to contact us at any time security@paypal.com
You can confirm your account information by clicking the link bellow:
https://www.paypal.com/cgi-bin/login

Looks legitimate at first glance, but read closely and you will see that “submitting”, “inconvenience”, and “below” are misspelled. In addition, the phrase “to keep it running in a perfect condition” is rather strange construction, suggesting that English is not the writer’s first language. All these are tipoffs this message is phony.

Does the email measure up to Paypal’s writing standards? Let’s take a look. Here’s a bit of content taken randomly from the Paypal website.

Take your business online with security and flexibility.

* Connect your online store to any major payment processor, bank, and card association with our industry-leading payment gateways, Payflow Link and Payflow Pro.
* Accept credit and debit cards with your current internet merchant account. And accept PayPal too (U.S. only).
* Feel secure knowing that 128-bit SSL encryption lets customers confidently use their credit cards online.
* Integrate easily. Payflow Gateway is pre-integrated into many shopping carts.

What is a payment gateway?
It’s a secure connection from your online store to your internet merchant account and your payment processing network.

Pretty good! No spelling or grammar flaws as far as I can see. If the phisher had written his email this well, he would bait more folks into giving up their PayPal user name and password.

Careful reading and a spell check are sometimes all it takes to spot a scam.

Related:

  • Content Tips from the Blogosphere
  • 7 Ways to Write a Better Business Letter
  • Driving Lessons: 10 Rules of the Writing Road, by Joanna Young
  • Ditech–Bad Story to Good Story
  • Tomorrow’s Bloggers Today

    • 15 Responses to “Use Grammar to Catch Phish”

    1. Robert Hruzek Says:
      April 10th, 2008 at 8:24 am

      I get these supposedly from various banks all the time, including, on occasion, my own. But our bank has a well-publicized policy that they NEVER email you anything of the sort. I know it’s less than sticking a finger in the dike, but still, I forward it to their phishing trackers. Hey, you never know.

      What kills me, though, is that things like this MUST work… else, why bother? When you think of the people who are ‘way too trusting on the ‘net… sheesh!

    2. Brad Shorr Says:
      April 10th, 2008 at 8:32 am

      Bob, Too trusting or poor readers, maybe.

    3. Zach Katkin Says:
      April 10th, 2008 at 9:22 am

      Great tip, but what if these bloody fishers start catching on, and improving their skillz?

    4. Brad Shorr Says:
      April 10th, 2008 at 9:30 am

      Well Zach, that would be a problem, but hey - maybe it would lead to more work for me. :)

    5. Robyn Says:
      April 10th, 2008 at 1:39 pm

      Never thought about grammar in relation to this kind of message, Brad. I get them every now and then and dump each one.

      Thanks for the tip that grammar give them away.

    6. Brad Shorr Says:
      April 10th, 2008 at 1:42 pm

      Robyn, I actually used to fall for some of these until I started reading them closely.

    7. Jesse Hines Says:
      April 10th, 2008 at 2:18 pm

      “Careful reading and a spell check are sometimes all it takes to spot a scam.”

      Interesting tip. Makes sense too.

    8. Tom Lindstrom Says:
      April 11th, 2008 at 1:42 am

      Nice post! (Stumbled and Dugg!) Lucky for us that these scammers seldom check spelling errors.Makes it easier for us to spot them.I receive only those nigerian scam letters once in a while, but none from “PayPal” as of yet.English is not my first language, I may be easier to fool with this kind of scam.

    9. Brad Shorr Says:
      April 11th, 2008 at 5:12 am

      Jesse, after writing this post, I’ve noticed most of these emails really do have lots of errors. Tom, thanks for the Stumble and Digg! You wonder why the scammers don’t pay more attention to detail, considering how clever and conniving they must be.

    10. gl hoffman Says:
      April 12th, 2008 at 8:27 am

      Ah NUTS. I suppose this means I shouldn’t be waiting by my mailbox for that Nigerian money I won from the lottery there?

    11. Jeanne Dininni Says:
      April 12th, 2008 at 9:37 pm

      Brad,

      These phishing e-mails are very often very poorly written–thank goodness. But I’ve also received a few that were very professionally done–almost frighteningly so. So it isn’t enough to look for spelling or grammatical errors. You also need to pass your cursor over the link they ask you to click (without clicking) and see what irregularities you find in the URL you’d be taken to if you were to click. This can be an education in itself! It’s also a good policy to never click a link in an e-mail unless you’re absolutely certain where it came from.

      There’s really so much more to the issue, because often it involves being taken to spoof websites; and it’s important to know how to spot them. I’ve written several blog posts about these two related topics at Writer’s Notes.

      I usually get one or more “PayPal” e-mails every day; and lately I’ve been getting them from “e-Bay,” too, along with all the others I regularly receive. Sure wish these people would find something more constructive to do.

      Jeanne

    12. Brad Shorr Says:
      April 13th, 2008 at 4:52 am

      GL, Sorry to disappoint you, but yes, you might have trouble collecting. I won $48 million last week and haven’t seen a dime. Jeanne, thanks for the hovering tip. Some of the PayPal emails look more authentic than others, that’s for sure.

    13. Karen Swim Says:
      April 14th, 2008 at 9:12 pm

      Brad, great point. I always laugh at the poorly written messages and wonder “who believes this stuff?” Lately I win money daily. The messages are hilarious and I am getting 5-7 per day. Okay actually not so funny anymore because of the volume but the first few were pretty funny.

    14. Brad Shorr Says:
      April 15th, 2008 at 5:30 am

      Karen, only 5-7 a day? I’m jealous. I get two or three times as much. What worries me is one day I’m going to delete a message where I actually won $1 million. :)

    15. Karen Swim Says:
      April 15th, 2008 at 6:43 am

      LOL! Now I feel pretty lucky that I’m not getting as many as you. I also worry that I’m going to delete that real message that tells me I’ve won something. ;-)

      Karen

    Comments