Phishy Mail
After a short spurt of postings about phishing back in 2004 (here,
here,
and here),
Geoff Pullum returned to the topic in
January. Once again, his interest was in detecting phishing
by looking at the grammatical and orthographic errors in
postings. Occasionally, as with some phishing attempts sent from
a Stanford address to computer users at Stanford over the past few
months, the mail is scarcely detectable at bogus. But most
attempts at phishing are astonishingly incompetent; you wonder how
people could be taken in. An example, ostensibly from
customers.unit@uga.edu (the University of Georgia), is below, with some
(but not all) notable features boldfaced. For some time, I've
been interested in whether there's enough evidence in these really
inept messages for us to make a reasonable guess at the native language
of the writer(s) -- which we have to hope is not English -- but the
errors suggest structures that are very common in the world's languages.
The message, in a form largely identical in substance to the one below,
but purporting to be from netcom.co.uk, has already been labeled a hoax
by Net Communications (a week ago). There are probably other
variants out there. On to the evidence:
Dear Account User,
This message is from One
Communications Internet SM message center to all uga.edu ® account
owners.We are currently
upgrading our data base and e-mail account center. We are deleting all
unused uga.edu ® account
to create more spacefor new
accounts.
You are advice to verify and
confirm your account details below to enable
us upgrade our school uga.edu ® Internet Service e.g.
Your uga.edu ®
E-mail, Password, and Address etc.
Anyone who fails to do this will automatically lose his/her own Account.
Thanks for using uga.edu ® Internet SM To prevent the lost of your account please upadete it below before three days
from now!
Confirm Your Account Details
uga.edu ® ID:
Password:
You will be sent a new confirmation/alphanumerical
password so that it
will only be valid during this period and can be changed after the
process.
I was first made suspicious of the message because I have no account at
uga.edu and have never had one. (Nor have I ever had a netcom
account.) Then there are some orthographic oddities (not marked
above):
Not only is the registration mark ®
used every time the putative sender's address is given (which could be
interpreted as mere institutional overkill), it's separated by a space
from this address every time, though this is not standard practice (the
mark should be solid with the name).
Several words are capitalized in nonstandard fashion -- Internet Service; his/her own Account; e.g. Your uga.edu; E-mail, Password, and Address --
but this could be bureaucratic excess, of the sort that gives rise to Account
User above and similar
Impressive Capitalization in bureaucratic communications from other
sources.
Still on orthography (marked above):
no space between sentences in account owners.We.
spacefor written solid; the UK
version has thiswill written
solid.
no period separating sentences in Internet
SM To prevent.
Spelling:
upadete for
update.
Word choice (of a phonologically similar and morphologically related
word):
are advice to for
are advised to;
prevent the lost for
prevent the loss.
Word choice (more subtle):
alphanumerical
password where
alphanumeric
password is much more common (924 vs. 18,600 raw Google
webhits), though
alphanumerical
is not morphologically ill-formed. Also, a number of occurrences
of
alphanumerical password on
the web seem to be from non-native speakers.
Syntax (the most interesting stuff):
missing definite article in from One Communications ... message center.
missing plural in all unused ...
account.
missing infinitival to in enable us upgrade.
inappropriate own in his/her own Account.
(my favorite) a combination of subordination markers in so that it will ..., where that will ... would have done
(though it's hard to tell what the writer was aiming for).
a subtlety, not marked above: please
upadete it below before three days from now. This is not
ungrammatical, it seems to me, but it's not how a native speaker would
put it: please update it below
within three days (from now)
is what I'd expect.
The piece is dense with errors and infelicities. I wonder where
it really comes from.
Posted by Arnold Zwicky at April 5, 2008 01:50 PM