After a short spurt of postings about phishing back in 2004 (here,
Geoff Pullum returned to the topic in
January. Once again, his interest was in detecting phishing
by looking at the grammatical and orthographic errors in
postings. Occasionally, as with some phishing attempts sent from
a Stanford address to computer users at Stanford over the past few
months, the mail is scarcely detectable at bogus. But most
attempts at phishing are astonishingly incompetent; you wonder how
people could be taken in. An example, ostensibly from
firstname.lastname@example.org (the University of Georgia), is below, with some
(but not all) notable features boldfaced. For some time, I've
been interested in whether there's enough evidence in these really
inept messages for us to make a reasonable guess at the native language
of the writer(s) -- which we have to hope is not English -- but the
errors suggest structures that are very common in the world's languages.
The message, in a form largely identical in substance to the one below,
but purporting to be from netcom.co.uk, has already been labeled a hoax
by Net Communications (a week ago). There are probably other
variants out there. On to the evidence:
Dear Account User,
This message is from One
Communications Internet SM message center to all uga.edu ® account
owners.We are currently
upgrading our data base and e-mail account center. We are deleting all
unused uga.edu ® account
to create more spacefor new
You are advice to verify and
confirm your account details below to enable
us upgrade our school uga.edu ® Internet Service e.g.
Your uga.edu ®
E-mail, Password, and Address etc.
Anyone who fails to do this will automatically lose his/her own Account.
Thanks for using uga.edu ® Internet SM To prevent the lost of your account please upadete it below before three days
Confirm Your Account Details
uga.edu ® ID:
You will be sent a new confirmation/alphanumerical
password so that it
will only be valid during this period and can be changed after the
I was first made suspicious of the message because I have no account at
uga.edu and have never had one. (Nor have I ever had a netcom
account.) Then there are some orthographic oddities (not marked
Not only is the registration mark ®
used every time the putative sender's address is given (which could be
interpreted as mere institutional overkill), it's separated by a space
from this address every time, though this is not standard practice (the
mark should be solid with the name).
Several words are capitalized in nonstandard fashion -- Internet Service; his/her own Account; e.g. Your uga.edu; E-mail, Password, and Address --
but this could be bureaucratic excess, of the sort that gives rise to Account
User above and similar
Impressive Capitalization in bureaucratic communications from other
Still on orthography (marked above):
no space between sentences in account owners.We.
spacefor written solid; the UK
version has thiswill written
no period separating sentences in Internet
SM To prevent.
Word choice (of a phonologically similar and morphologically related
word): are advice to
for are advised to
; prevent the lost
for prevent the loss
Word choice (more subtle): alphanumerical
is much more common (924 vs. 18,600 raw Google
webhits), though alphanumerical
is not morphologically ill-formed. Also, a number of occurrences
of alphanumerical password
the web seem to be from non-native speakers.
Syntax (the most interesting stuff):
missing definite article in from One Communications ... message center.
missing plural in all unused ...
missing infinitival to in enable us upgrade.
inappropriate own in his/her own Account.
(my favorite) a combination of subordination markers in so that it will ..., where that will ... would have done
(though it's hard to tell what the writer was aiming for).
a subtlety, not marked above: please
upadete it below before three days from now. This is not
ungrammatical, it seems to me, but it's not how a native speaker would
put it: please update it below
within three days (from now)
is what I'd expect.
The piece is dense with errors and infelicities. I wonder where
it really comes from.
Posted by Arnold Zwicky at April 5, 2008 01:50 PM