the signs of phishing

March 25, 2011

Phishing used to be transparently clumsy most of the time, but since the one below came from a sometimes rather emotional person, I almost responded. (I never would have fallen for a cash request without lots more detail, but it would feel better to have laughed out loud at this one immediately, which I didn’t.)

“I’m writing this with tears in my eyes,my family and I came down here for a short vacation in Scotland,United Kingdom and we’re mugged at the park of the hotel where we lodge,all cash,credit card and cell was stolen from us but luckily for us we still have our passports with us.

We’ve been to the embassy and police here are not helping the issues at all and our flight leaves in a couple of hours but we’re having problems to sort out the hotel bills and the hotel manager won’t let us leave until we settle the bills,I’m freaked out at this moment. I

need you to help me out.”

It’s an interesting question, what gives away a phishing attempt. This one was fairly good as to the email address it concocted. They took his normal user name and simply opened an account with that name at aol.

*normally the “writing this with tears in my eyes” opening would be a dead giveaway, but not in this case.

*”Scotland, United Kingdom” is a fairly ludicrous place name, especially with no city specified, but someone might possibly say it if they were in shock.

*”my family and I” is too vague. This guy just has a couple of parents over 90 years old, who are unlikely to “come down for a short vacation in Scotland, United Kingdom.”

*The idea of police being unhelpful in Scotland surprised me enough that it seemed implausible. Perhaps I’m being naive about Scotland, but it certainly seems like one of the most helpful places I’ve ever been.

*”all cash,credit card and cell” doesn’t sound like a native speaker of English even if rush-typed by a person in shock.

*”and we’re mugged”, again a bit ungrammatical, and not the sort of thing a native American English speaker would say.

Also, I’d seen this one before (under the name of one of my Egyptian students), and it only took me about 45 seconds to remember that.

But on the whole, these are getting a bit better all the time, and eventually they may become pretty dangerously skilled.

I also received a very skilled one last week, ostensibly from Citibank credit cards. The graphics were impeccable. I only began to doubt it because they said I had just phoned them a few days ago on the customer service line, which I hadn’t. And then I looked to the email address and it was ridiculous: Citibank at some-nonsensical-phrase dot com.

Last year I received a few pretty crafty ones from the “IRS” as well.

But often the level of English isn’t quite idiomatic enough. And that’s still the #1 phishing detector for me, with stupid email reply addresses perhaps being #2 among the things I notice.

And Google did give me the following overhead message on that “Scotland, United Kingdom” message today:

“Warning: The content of this message is suspicious. The sender’s account may be compromised. Beware of following links or of providing the sender with any personal information.”