In *my* day, phishing was done properly
07 Jun 2005I tell you what, phishing attacks ain’t what they used to be. It used to be that internet hucksters really tried their best to make their pitches seems realistic, but I feel like the scam artists are just getting plain old sloppy. Take a look at the latest in my inbox. I’ve taken the liberty of marking obvious spelling errors in red:
From: paypal@mail.paypal.com
Subject: Security Center Advisory
Date: June 6, 2005 8:02:55 AM CEST
To: Jack
We Recently noticed one or more attempts to log in to your PayPal account from foreign IP adress and we have reasons to believe that your account was hijacked by a third party without your authorization
If you recently noticed one or more attempts your account while traveling, the unusual log in attempts may have been initiated by you. However, if your are rightful holder of the account, click on the link below to log into your account and fallow the intrusctions.
https://www.paypal.com/cgi-bin/webscr?cmd=login-run
If you choose to ignore our request, you leave us no choise but not tempor aly suspend account.
We ask that you fallow at least 72 hours for the case to be investigated and we strongly recomanded to verify your account in that time.
If you recived this notice and you are not the authorized account holder, please be aware that it is in violation of PayPal policy to represent oneself as another PayPal user.Such action may also be in violation of local, national, and/or international law. Paypal is misappropriate at the request of law enforment agencies to ensure that perpetrators are prosecuted to the fullest extent of the law.
Thanks for your patiance as we work togheter to protect your account.
Sincerly,
PayPal Account Review Department
PayPal, an ebay Company
- Please do not respond to this e-mail adress as your reply will not be recived
Don’t even get me started on the grammar; the bad spelling just screams out “bullshit!” Not that I’m super-uptight about spelling or anything, but the super-scary warning supposedly from paypal lost its effect when they “recomanded” me to “fallow the intrusctions”.
For some reason I feel a little sorry for these jackasses, so I offer up some tips in the interests of helping my fellow men (even when they are maggots):
- Use a spell-checker before sending out your text.
- Have a native English speaker proofread your text.
- Don’t include ludicrous warnings like “don’t reply to this email, we won’t get it”. What kind of company sends warnings by email but can’t receive email in return? Think, dumbass!
- If you must include a paragraph warning people not to break they law (working under the assumption that people will automatically believe anyone who quotes laws at them), at least try to make some sense. “Paypal is misappropriate at the request of law enforment…” ??? That dog won’t hunt, slim.
- Above all, try to think up a plausible story as to why the mark should click your link and give up their password. I mean, what’s with this warning about a “foreign IP address”? Foreign compared to what? You mean it’s not an address in the US? Or what? And how the hell would you know? And do you know what country the mark is in? This kind of bullshit just shows that the person who wrote it not only can’t write clearly, they can’t even think clearly.
Hopefully these tips will help improve the quality of the phishing attempts I get in my email. If not, I’m going to have to give you all a big fat F pretty soon. Read on →