In case you haven’t noticed, many hackers seem to be challenged when it comes to spelling. At times their spelling, poor syntax and overall command of English is laughable. In fact you can spot most phishing scams by looking for misspellings. Why can’t hackers spell? It turns out there are actually some good reasons for this. Here are just a few.
Many aren’t native speakers
The most common kind of hacking for you and I to see is phishing. Email phishing scams often originate overseas and the scammers don’t speak English as a native language. In fact many barely speak English at all.
The bottom line on most phishing scams is that they are only really profitable in poor countries. They are time consuming, the odds of success are small and if you live in a developed country, the odds of getting caught are high. In the third world, on the other hand, local laws make it easier to get away with and the poor economy makes the potential payout that much larger.
Computers are dumb
Computers are dumb in a very smart way, or smart in a dumb way. However, you want to put it, computers are totally literal. Email providers rely on automated searches for specific keywords to filter out spam.
Spammers try avoid being filtered out by discovering those keywords and tweaking their emails accordingly. If Microsoft is filtering out all fake hotmail emails from account administration, try hottmail instead and you might get through. Scammers are banking on two things, that the average human reader won’t notice the misspelling and the average computer won’t make the connection. And it works.
Spamming has got to be one of the dullest jobs out there. Forget everything the movies have taught you about hacking, most of it is slow work. Why even do it?
Spam emails have a click through rate of a fraction of a percent, if they are lucky. A thousand emails selling viagra cheap might get a single response. Spam persists because email is free. All it cost to send those thousand emails was the sender’s time.
But time is money. If you spend hours crafting the perfect pitch for cheap viagra and collecting thousands of emails to make one sale, you’re losing money. So they automate.
Spammers might run dozens of “squeeze sites,” blogs designed to get you to give over your email address or send you to a legitimate retailer through an affiliate link so they get a cut of the sale. For example the blog may advertise a special report on how to succeed at (blank) if you sign up for their newsletter.
Nobody has time to generate content on dozens of sites, write a dozen spam emails and books of any quality. Instead the cut and paste from other blogs. They create “books” by simply pasting a half dozen poorly related blogs into one document. Sometimes they use programs to generate portions of the text. The result is clunky text with poor syntax and many grammatical errors.
Another reason why many phishing scams have such poor grammar and syntax has to do with SEO or Search Engine Optimization. SEO is about making a website friendly to search engines so that it gets more hits. A common strategy is to focus on having the right keywords in the title and body of the post.
Scammers take it too far. They emphasize keywords over coherent text. Having the right set of keywords to make their site show up on your search and getting you to click on it is more important than what you see when you get there. For some malware sites, getting you to the site is enough. Even if you realize it’s a scam once you’re there, the damage is done.
The process of elimination
The final, and simplest reason hackers send such atrociously obvious emails is the process of elimination. Phishing is a numbers game. Don’t even waste your time on people who won’t fall for your scam. By making their pitch blatantly obvious, they eliminate 99% of the people with critical thinking skills. The occasional person to answer the email or click on the links has already shown themselves to be gullible and therefore, a better bet for their scam.