Finally got an answer to a question that has been bugging me for years – why do phishing e-mails contain typos and grammatical errors?
For me, a typo clearly signals that the phishing e-mail isn’t genuine. If my real bank sent me an e-mail, surely they’d be able to spell? Given that internet fraud is such big business, surely scammers can employ people who can write proper English?
Well, it turns out the typos may be deliberate. To successfully scam someone, the victim needs to be massively gullible. Identifying such a victim is difficult. By making the phishing e-mails less than realistic, only really gullible people will be taken in. So typos are a deliberate attempt to get gullible people to self-select. If they were more realistic, more normal people would click on the links, and further down the line the normal people would realise it’s a scam and pull out. It’s basically a way of saying “If you believe this e-mail, full of typos and other hints that it’s a scam, is really from your bank, well, you’re exactly the kind of person we want to hear from, so click here!”