Why do phishers deliberately use bad grammar or spelling?

295 views

Doing data protection training and it says ‘Many hackers misspell words… on purpose.’
I’m glad this makes scams easier to spot but it just doesn’t seem to make sense to me as a useful tactic at all.

Edit: typo correction- hackers not jackets!

In: 592

32 Answers

Anonymous 0 Comments

If you’re uneducated enough to not pick up from the poor spelling and grammar that it’s probably a scam then you’re more likely to ultimately give them money.

In essence it’s to weed out people that won’t ultimately pay them.

Edit: Fixed typo

Anonymous 0 Comments

I heard somewhere (I can’t remember where) that if people are put off by the grammar than they don’t usually fall for the scam. The people who aren’t put off by the grammar are more likely the fall for the scam.

Why waste time on people who won’t fall for the scam when you could easily separate them from people who are more likely to fall for the scam.

So it’s a way of weeding out the “dummies” from the “smarties”

Anonymous 0 Comments

There’s one main reason, although you’ll it’s not the one you’re likely going to hear. The one you’re likely going to hear will talk about human psychology and wanting to separate the smart folks from the dumb folks. While interesting in and of itself, this isn’t the reason.

The real reason is they’re trying to avoid spam filters. That’s it. There’s no psychology behind it, they’re just trying to get around the spam filter bots that are in place with texting, instant messaging, and email services.

Anonymous 0 Comments

It is not there to filter for people more likely to fall for the scam.

They are avoiding spam filters.

Anonymous 0 Comments

You can always send more spam, that’s easy. Real work of scamming starts when someone responds. So you want to make sure only a complete moron takes the bait, otherwise you are wasting your time on trying to scam people you are not going to get money from.

Hmmzz… should hook ChatGPT up to talk with scammers…. wouldn’t that be fun.

Anonymous 0 Comments

Imagine you are playing catch. You need to catch a person, any person, from a big group of people.

What you could do is to jog towards the crowd and let them run away. Some of them would be super fast, no way you catch them. Those left behind are slow people. You go after them, and in the process you didn’t waste time and energy.

Anonymous 0 Comments

Two reasons: the humans writing the emails are not native speakers of the language and to bypass keyword filters. If the keyword filter blocks “porn” then misspelling the word to “pron” or “p0rn” will allow the emails thru until those misspellings are added to the filter. Computers are very literal and only block the exact spelling in the filter. Humans are good at non literal things and will usually replace the misspelled word with the correct one.

The continual ebb and flow require constant changes by the phishers and the antiphishers.

Anonymous 0 Comments

Do you think this idea has merit – that having bad grammar makes it seem more likely it’s written by a real person rather than a robot? Humanizing the text and invoking emotion so people relate and want to engage?
But I agree about the spam filtering.

Anonymous 0 Comments

If I want to scam playground kids by promising them pictures of Santa Clause, I only want kids who still believe in Santa Clause. So I make up a hokey story that people who don’t believe in Santa will immediately dismiss.

Freakenomics did a piece on this from the Nigerian Prince, and as others have eluded to it is deliberate. The big reason is their intended victims are self selecting.

If I send out a million emails, and get a 30% false positive ratio of people who answer the scam *and are not gullible enough to fall for it,* then it is a very costly and not profittable.

But if I send out a million emails and they are so outrageous that I get almost no false positives responses I only have to deal with those that are truly gullible it becomes much more profitable.

Anonymous 0 Comments

There’s a bit of history to this. Scammers tend to stay under the radar in certain countries if they can show that no reasonable person would fall for the scam. It goes back to the days before the internet when scammers had to deal w/ victims face to face, and they would use victim shaming a lot to avoid prosecution. People would rather lose a bit of money than let the public know they fell for something stupid. Think of it like this. We think that if you see a bag unattended that is not your bag, and you should leave it alone. Scammers think that when they see a bag unattended that if the person didn’t want their bag taken they would have secured it better and if they don’t help themselves to it then somebody else will. Some countries see this more as an act of opportunity than a crime of intent, and you’ll often see these criminals blame the victim instead of remorse for their actions. Even in law enforcement.