Special Edition is the blog for security testing business SE Labs. It explains how we test security products, reports on the internet threats we find and provides security tips for businesses, other organisations and home users.

Tuesday, 7 June 2016

Poor grammar foils spammer

It's great that even if your mastery of a language isn't brilliant, other people from across the planet can still understand you. It's an amazing human ability that brings us together as a species, but when the people writing phishing attacks try to sound plausible in a language they don't sufficiently understand, the results can be unconvincing:
"Please take a few minutes out of your online experience to know why PayPal had to limit your account and know how you are best able to easily restore your access as usual."
It's our old friend the Fake Security Notice phishing attack. This is the opening gambit of a surprisingly old school technique we've been monitoring all week with the SE Labs spam-pot network.

It goes on:
"We need some information from you. We have provided a form for you to complete, please open the attached file in this email in your browser. After our security team reviewed your information, we can then lift the limitations from your PayPal account."
Not very convincing unless you read it too fast, and there's a sort of old fashioned feel to the language. Also, poor grammar and punctuation.

It could be that the targets of this campaign are people who speak English as a second language, some of whom may not spot the problems that mark it out as unusual.

It should, however, go without saying that if you receive an email from someone calling themselves PayPal you should log into and check your PayPal account using your usual method, and not by clicking the link in the email. PayPal (and other financial institutions) never ask for passwords or other private information via email.

Author: Jon Thompson (Email: jon@selabs.uk; Twitter: @jon_thompson_uk)

No comments:

Post a Comment