Most spam and phishing attempts are laughably bogus. What if they weren’t?
This is Leo Notenboom for askleo.info.
Like most of you I’m sure, I get a fair amount of spam including a healthy
share of virus-laden messages and attachments as well as phishing scams.
Most of these messages work by trying to trick you into doing something –
perhaps buying something, opening up an attachment, visiting a web site, or at
its worst, visiting a web site and entering your personal information.
Phishing absolutely amazed me on several levels.
For one thing, so many of them are absolute junk! Broken English, horrible
formatting, even broken HTML in many cases – links that are obviously
A good 90% of the spam I get falls into that “so obviously fake, why do they
even try?” category.
Hence my second point of amazement: they work. As bad as those emails are,
people fall for them every day. Even after all this time. And it’s not an issue
of stupidity, though I’m sure there’s some of that out there, it’s more about
ignorance and education. What’s “obvious” junk to you and me isn’t so obvious
But that leads me to my third point, which I find kind of scary: a phisher
who would take the time to craft a proper message and write proper English
could rule the day. With so many phishing, virus and other spam messages being
so horribly, obviously broken, either in form or in language, a message that
wasn’t would stand out. Or rather, it wouldn’t stand out as being so obviously
bogus. And that would increase the chances of its success.
They are out there. I almost fell for one a few months ago. The timing was
right – I was involved in a transaction inquiry with my credit card company, and
sure enough I got email that looked like it was from a credit card company and
looked fairly legitimate. The phisher had taken the time to craft an
appropriate lure. As a result of the coincidence of my expecting email from my
credit card company, and the good imitation done by the phisher … well, I
almost clicked through. But I’ve trained myself. I always look at
where the link really goes by hovering over it before I click. Sure
enough – it was a total fraud.
And just to be clear, depending on your mail program, that “hovering over” I
did can also be spoofed. Really, the only totally safe thing to do is simply
never click on links in email unless you’re totally certain that you trust the
Like I said, right now most spam is laughably bogus. But if more malware and
phishing authors ever get a clue, it’s going to get a lot more difficult to
tell what’s real from what’s fake.
I’d love to hear what you think. Visit askleo.info and enter 12058 in the go
to article number box to access the show notes, the transcript and to leave me
a comment. While you’re there, browse the hundreds of technical questions and
answers on the site.
Till next time, I’m Leo Notenboom, for askleo.info.