April 05, 2008

Phishy Mail

After a short spurt of postings about phishing back in 2004 (here, here, and here), Geoff Pullum returned to the topic in January.  Once again, his interest was in detecting phishing by looking at the grammatical and orthographic errors in postings.  Occasionally, as with some phishing attempts sent from a Stanford address to computer users at Stanford over the past few months, the mail is scarcely detectable at bogus.  But most attempts at phishing are astonishingly incompetent; you wonder how people could be taken in.  An example, ostensibly from customers.unit@uga.edu (the University of Georgia), is below, with some (but not all) notable features boldfaced.  For some time, I've been interested in whether there's enough evidence in these really inept messages for us to make a reasonable guess at the native language of the writer(s) -- which we have to hope is not English -- but the errors suggest structures that are very common in the world's languages.

The message, in a form largely identical in substance to the one below, but purporting to be from netcom.co.uk, has already been labeled a hoax by Net Communications (a week ago).  There are probably other variants out there.  On to the evidence:

Dear Account User,

This message is from One Communications Internet SM message center to all uga.edu ® account owners.We are currently upgrading our data base and e-mail account center. We are deleting all unused uga.edu ® account to create more spacefor new accounts.

You are advice to verify and confirm your account details below to enable us upgrade our school uga.edu ®  Internet Service e.g. Your uga.edu ®

E-mail, Password, and Address etc.

Anyone who fails to do this will automatically lose his/her own Account.

Thanks for using uga.edu ® Internet SM To prevent the lost of your account please upadete it below before three days from now!

       Confirm Your Account Details

uga.edu ® ID:

You will be sent a new confirmation/alphanumerical password so that it will only be valid during this period and can be changed after the process.

I was first made suspicious of the message because I have no account at uga.edu and have never had one.  (Nor have I ever had a netcom account.)  Then there are some orthographic oddities (not marked above):

Not only is the registration mark ® used every time the putative sender's address is given (which could be interpreted as mere institutional overkill), it's separated by a space from this address every time, though this is not standard practice (the mark should be solid with the name).

Several words are capitalized in nonstandard fashion -- Internet Service; his/her own Account; e.g. Your uga.edu; E-mail, Password, and Address -- but this could be bureaucratic excess, of the sort that gives rise to Account User above and similar Impressive Capitalization in bureaucratic communications from other sources.

Still on orthography (marked above):

no space between sentences in account owners.We.

spacefor written solid; the UK version has thiswill written solid.

no period separating sentences in Internet SM To prevent.

Spelling: upadete for update.

Word choice (of a phonologically similar and morphologically related word): are advice to for are advised to; prevent the lost for prevent the loss.

Word choice (more subtle): alphanumerical password where alphanumeric password is much more common (924 vs. 18,600 raw Google webhits), though alphanumerical is not morphologically ill-formed.  Also, a number of occurrences of alphanumerical password on the web seem to be from non-native speakers.

Syntax (the most interesting stuff):

missing definite article in from One Communications ... message center.

missing plural in all unused ... account.

missing infinitival to in enable us upgrade.

inappropriate own in his/her own Account.

(my favorite) a combination of subordination markers in so that it will ..., where that will ... would have done (though it's hard to tell what the writer was aiming for).

a subtlety, not marked above: please upadete it below before three days from now.  This is not ungrammatical, it seems to me, but it's not how a native speaker would put it: please update it below within three days (from now) is what I'd expect.

The piece is dense with errors and infelicities.  I wonder where it really comes from.

Posted by Arnold Zwicky at April 5, 2008 01:50 PM