My friend Nathan Sanders has shown me a phishing spam that he got which purported to be from Citibank. It did very badly indeed on linguistic accuracy and thus was much easier than usual to spot as trickery. In fact it's a little lesson in grammatical and orthographic slip-ups all on its own.
Subject: ATTN: SafeGuard your account (Citi.com) MsgID# 80309245
Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately.
This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information.
This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension.
Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand.
Please use our secure counter server to indicate that you have signed on, please click the link bellow:
!! Note that we have no particular indications that your details have been compromised in any way.
Thank you for your prompt attention to this matter and thank you for using Citibank(R)
Citibank(R) Card Department MsgID# 80309245
(C)2004 Citibank. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC.Citibank and Arc Design is a registered service mark of Citicorp.
Those of you who are taking my distance-learning course in Forensic Syntax For Spam Detection should spend a moment listing the errors in this text. You should be able to find ten errors.
* * * * * * *
O.K., time's up. I'll just run through the correct answers.
So this message is an illiterate, error-stuffed disaster, and the spammer who wrote it will only be stealing the bank account contents of particularly unobservant and linguistically uneducated people: poor people, immigrants, foreigners, semi-literate people, careless readers, not Language Log people at all. Alert Language Loggers are not likely to fall for this piece of junkware.
But beware: I got a message purporting to come from Citibank too, and unfortunately it's grammatically impeccable:
Dear Citibank valued customer,
Citibank is committed to protecting the security of our clients' personal information, including when it is transmitted online. Therefore our ATM services utilize advanced security technology to protect your personal financial information.
In order to be prepared for the smart card upgrade on Visa and MasterCard debit and credit cards and to avoid problems with our ATM services, we have recently introduced additional security measures and upgraded our software.
This security upgrade will be effective immediately and requires our customers to update their ATM card information. Please update your information here
© Citibank Customer Support Dept.
It ended with some invisible words written in white, probably a device designed (unsuccessfully in this case) to fool spam filters: "b 5 2141 arboretum preponderate seoul addle devolve salve bette remembrance loud countdown fascicle milk hook finesse lagging daedalus deanna bluish bonneville condemnate bar transmitted perennial Freddie 1 J rendezvous witt nina catalogue walden apologetic gaspee evacuate enol preferring giveth substantiate ladyfern shepard inclose gary contradistinction 638 65093358[0-255", it said, implausibly but also invisibly. (It wasn't invisible to me because I examine my suspected spam with Unix tools, not the brightly colored click-here tempting toyware that Windows programmers want me to use.)
The second example shows what can be done by literate guys who control the grammar and really know how to phish. Caveat browsor.Posted by Geoffrey K. Pullum at September 23, 2004 01:56 PM