Deliberate typos in phishing scams?
December 13, 2005 9:43 AM

Why do phishing scam e-mails always seem to have at least one very obvious typo?

Even when one of these things is well written (like by someone who may actually be a native English speaker) there's always one, often quite a big one. For instance, the most recent message I've received has "Please note that this suspension does not relieve you of your agreed-upon obligation to !pay any fees you may owe to eBay." !pay looks like a hard mistake to make and an easy one to catch before sending, particularly when the scammer has taken the time to write a semi-plausible e-mail with a masked URL, etc. Is there some scammer lore that says if there's an obvious typo, they can't arrest you or something?
posted by PinkStainlessTail to Computers & Internet (19 answers total)
 
It's a ploy used to defeat spam filters, which look for specific words such as "Viagra", "Free", "Rolex" etc.
posted by Optamystic at 9:45 AM on December 13, 2005


To get past spam filters which are based on keywords.
posted by knave at 9:45 AM on December 13, 2005


Now that's a jinx.
posted by knave at 9:46 AM on December 13, 2005


I doubt it has anything to do with legal loopholes. Perhaps the persons doing the phishing are so brainless that they have to leave a signature of some sort so they themselves don't fall prey to it?
posted by pmbuko at 9:47 AM on December 13, 2005


Response by poster: Thanks, but "v1agrra, r0lexx," etc. are not the kind of thing I'm asking about.
posted by PinkStainlessTail at 9:49 AM on December 13, 2005


Thanks, but "v1agrra, r0lexx," etc. are not the kind of thing I'm asking about.

Certainly, but Optamystic and knave certainly have good guesses: You said it yourself, they're otherwise grammatically correct letters. The logical explanation is that the typo is purposeful. The question then is: To what purpose?
posted by thanotopsis at 9:59 AM on December 13, 2005


Best answer: I wonder if it's an attempt to fool spam blockers at ISPs that reject large numbers of identical messages. If the exclamation point was changed or moved for each recipient, then each email would be "unique," perhaps helping it get through the filters.
posted by blue mustard at 10:01 AM on December 13, 2005


I just recently received a phishing email that spelled the word "chance" "chanse". I seriously doubt that they misspelled that to get around filters.
posted by cyphill at 10:42 AM on December 13, 2005


I also second that it is to fool the spam blockers...
But they are still very dumb people... I had a scammer who pretended to be interested in buying my used car who kept replying to my messages with purposeful typos... like "I will send you $10000 cas hier's che ck for your $6000 car if you would refund me $4000 when you sh ip your car to me". Even though I was also pretending to be interested in selling the car and kept replying, he would still do the typo thing.

I sold two cars through autotrader.com and every time I had at least two scammers trying to do the same thing to me... My friend had the exact same scammer when he was selling his car so I knew what I was getting into...

During the weekend when I had free time, I gave both scammers' email addresses to each other and told them to talk to each other and I will sell the car to the highest bid...

It was the funniest thing I ever saw... they actually pretended to each other all in typos again... During about an hour or so, I sent both scammers some garbage attachment files to fill up their fake free email accounts... (I wanted to get it back to them somehow... or at least waste their time...)

These were persistant scammers who would talk to you for more than a few days and a few dozen emails to get you to fall for their scams...

Maybe I should have contacted police or something... but if this type of thing happens so often, why could they track them when a guy comes to my front door to pick up my car and give me the fake over-amount check.

Couldn't cops trace back to the scammer fairly easily when scammers are about to receive the payoff...?

All scammers are trying to get payoffs somehow... and in these modern days, I can't believe everyone can not be traced back... Ad spams I can understand... but outright fraud scammers should be hunted down...

I almost wanted to give the scammer my local police dept address and have the shipper come to the station... the shipper probably doesn't know what is going on but at least the cops can be aware of the situation and hopefully do something about it.

It was going to be a simple "I second that" but sorry I started to get emotional...
posted by curiousleo at 10:50 AM on December 13, 2005


cyphill: "I just recently received a phishing email that spelled the word "chance" "chanse". I seriously doubt that they misspelled that to get around filters."

Many spam filters use a huge number of little rules to decide if something's spam. A certain phrase or a couple words used near each other is more likely to be spam than not, so the filter adds a fraction of a "maybe spam" point to that email. If the number of points exceeds some limit, it's spam.

"Chance" seems like a perfect word to misspell. A non-trivial number of spams probably talk about "chance to win" or some such, so I wouldn't be surprised if that word (or the phrase) had value to a Bayesian filter. The same with "pay".
posted by Plutor at 10:50 AM on December 13, 2005


These were persistant scammers

And why should we believe you, hmm? :)
posted by Falconetti at 12:18 PM on December 13, 2005


I think the bang ("!") in your e-mail is simply an artifact of exploiting an e-mail form in order to broadcast the message. Some forms being handled via some languages (data posted to a poorly-written [eg, mine] PHP e-mail handler, for instance) will force wrap lines that are too long, marking that wrap with a bang.
posted by waldo at 12:29 PM on December 13, 2005


Falconetti... :-) persistent

You are right... why should anyone believe anonymous messages...

But these few supposedly potential sales transactions got me thinking...

These weren't dollar scammers, these were few thousand dollar scammers... what if I was an older person or people who are not yet savvy internet users like my well educated friend who was approached (who actually was going to go through with this before I stopped him).

How large of a problem is this?
Does this happen every time a person puts up an ad like mine?
So far it has happened every time my friend and I put up our ads... (although it was only three times...)

Is there an official task force like "internet sex police" regarding these scammers?
posted by curiousleo at 12:50 PM on December 13, 2005


Sorry, I misquoted the email. The actual phrase was "If you choose to ignore our request, you leave us no choise but to temporaly suspend your account". So they actually misspelled a couple of words.
posted by cyphill at 1:21 PM on December 13, 2005


I've always gotten the impression that the people writing the emails aren't native speakers of English - the grammar is always a little bit off in addition to the spelling, like they're using a computer translation.
posted by SashaPT at 2:09 PM on December 13, 2005


Just as with encyclopedias: these "mistakes" are copyright traps, in that when other phishers duplicate their approach, the first will have grounds for a lawsuit. No?
posted by Aknaton at 2:28 PM on December 13, 2005


Best answer: Some spam blockers (especially ones that rely on collaborative human identification) compare incoming messages to previously identified spam messages (hashes, usually). It's possible that the typos are inserted in unique combinations by the mass-mailing program to create slightly different, but still readable versions of the message, bypassing detection by comparison.
posted by 4easypayments at 3:06 PM on December 13, 2005


SashaPT - a computer translation wouldn't introduce spelling errors, unless the errors were there in the original and by some fluke the word was the same in both languages.
posted by altolinguistic at 3:57 PM on December 13, 2005


Best answer: 4easypayments got it.

The use of spelling and content variants in the message is specifically designed to defeat collaborative distributed hash databases. Vipul's Razor, Pyzor, and DCC are among the public databases and large spam filtering service firms have their own private hash databases for their clients.
posted by junesix at 6:47 PM on December 13, 2005
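
An added illustration of the point made in the last two answers, not part of the original thread and not the signature scheme of Razor, Pyzor or DCC: an exact digest of a reported message misses a copy with one stray character, while a comparison over normalised character 5-grams still matches it. The sample messages are constructed from the sentence quoted in the question; the function names and the 0.6 threshold are assumptions.

```python
import hashlib
import re

def exact_digest(body: str) -> str:
    """Digest of the raw body: any one-character change yields a new value."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def shingles(body: str, k: int = 5) -> frozenset:
    """Overlapping k-character substrings of the body, after lowercasing and
    dropping everything except letters and digits (spaces, '!', hyphens)."""
    text = re.sub(r"[^a-z0-9]", "", body.lower())
    if len(text) <= k:
        return frozenset([text]) if text else frozenset()
    return frozenset(text[i:i + k] for i in range(len(text) - k + 1))

def jaccard(a: frozenset, b: frozenset) -> float:
    """Share of shingles common to both messages (0.0 to 1.0)."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)

def check(body: str, reported: list, threshold: float = 0.6) -> tuple:
    """Return (exact_hit, fuzzy_hit, best_similarity) against reported spam."""
    exact = exact_digest(body) in {exact_digest(r) for r in reported}
    best = max((jaccard(shingles(body), shingles(r)) for r in reported),
               default=0.0)
    return exact, best >= threshold, round(best, 2)

# Constructed sample data (not real mail).
REPORTED = ["Please note that this suspension does not relieve you of your "
            "agreed-upon obligation to pay any fees you may owe."]
VARIANT_A = ("Please note that this suspension does not relieve you of your "
             "agreed-upon obligation to !pay any fees you may owe.")
VARIANT_B = ("Please note that this suspension does not releive you of your "
             "agreed-upon obligation to pay any fe es you may owe.")
UNRELATED = "Your order has shipped and should arrive within five business days."

if __name__ == "__main__":
    for name, msg in [("variant A", VARIANT_A), ("variant B", VARIANT_B),
                      ("unrelated", UNRELATED)]:
        print(name, check(msg, REPORTED))
```
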

