Gone phishing


If I was going to go phishing, with English as my medium of communication in the ocean of dupes out there, I think I would first learn a little bit about the cultural practices of the English-speaking world. I like to think that if I were a phisherman I would do a little better than this (received today; I quote the entire text):

From info@tnt.org Sat May 15 20:32:16 2010
Date: Sat, 15 May 2010 15:32:03 -0400
From: TNT COURIER
Reply-to: servicescouriertnt01@9.cn
Subject: bank draft
X-Originating-IP: 41.220.68.2
To: undisclosed-recipients:;

You have a bank draft of $250,000.00 USD,Please Contact the TNT INTERNATIONAL COURIER for claims with your

Name,Address,Age,Occupation,Tel and Country.Contact person Mr.Ellen Hanson,Tel:+2347025919258 Email:servicescouriertnt01@9.cn

I think I would have tried to set up a better nonlinguistic disguise: personal messages about significant sums of money come addressed to the person involved, not to an undisclosed list of recipients; the Chinese-registered server cluster 9.cn is an extremely implausible address for a Dutch courier company; 41.220.68.2 is a bad IP address for open sending of phishing spams from because it's an already reported Nigerian site; and a +234 phone number is a giveaway because it's the country code for Nigeria (which is not where TNT lives).

But above all I hope I would have done better on linguistic matters. It is easy to figure out from other people's usage that there are spaces after commas and periods in written Standard English. When you use "$" to mark an amount as US dollars, you don't use "USD" as well, so "$250,000.00 USD" is ungrammatical. And (as the sad fictional incidents related in the Johnny Cash song about a boy named Sue only underline) most personal given names in English are not epicene: the likelihood that Mr. and Mrs. Hanson would have named their little boy Ellen is really very low indeed.

The astonishing linguistic ineptness of practitioners in the global phishing industry makes it all the more depressing that the industry does in fact make money. People really do send away their personal details and eventually bank account numbers in their efforts to claim their fictive quarter-million-dollar bank drafts. Language Log encourages you to look for basic literacy in emails that purport to relate to financial affairs. Little things like punctuation do matter: the rules of Standard English punctuation may be inherently trivial conventions, unimportant compared to the semantic content of a text, but the sort of people who get jobs communicating with the public on behalf of reputable Dutch courier companies (as opposed to running a backstreet phishing operation off an old PC and a cell phone in a Lagos slum) can generally punctuate correctly. And when male, they generally aren't called Ellen.
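The cues listed in this post (no named recipient, a Reply-To on an unrelated domain, a +234 contact number where the claimed sender's headquarters number is +31, an originating IP worth looking up, no space after commas and periods), run over the quoted message as an added Python example that is not part of the original post. The function name `triage`, the cue names, the threshold of three spacing hits and the second, well-formed message are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The message as quoted in the post (mbox form, envelope "From " line first).
SAMPLE = """\
From info@tnt.org Sat May 15 20:32:16 2010
Date: Sat, 15 May 2010 15:32:03 -0400
From: TNT COURIER
Reply-to: servicescouriertnt01@9.cn
Subject: bank draft
X-Originating-IP: 41.220.68.2
To: undisclosed-recipients:;

You have a bank draft of $250,000.00 USD,Please Contact the TNT INTERNATIONAL COURIER for claims with your

Name,Address,Age,Occupation,Tel and Country.Contact person Mr.Ellen Hanson,Tel:+2347025919258 Email:servicescouriertnt01@9.cn
"""

# Constructed counter-example: a well-formed notice that should raise no cue.
CLEAN = """\
From: Courier Service <service@courier.example>
To: A. Jones <a.jones@mail.example>
Subject: parcel ready

Dear Ms. Jones, your parcel is ready. Call +31201234567 to arrange delivery.
"""

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw, expected_calling_code="+31", min_spacing_hits=3):
    """Return {cue_name: detail} for the cues the post describes."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    cues = {}

    # 1. Mail about a personal sum of money with no named recipient.
    to_header = msg.get("To", "").strip()
    if "@" not in to_header:
        cues["no_named_recipient"] = to_header

    # 2. Replies diverted to a domain unrelated to the sending address.
    #    Prefer the envelope sender; fall back to the From: header.
    parts = (msg.get_unixfrom() or "").split()
    sender = parts[1] if len(parts) > 1 else parseaddr(msg.get("From", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if sender and reply_to and domain_of(sender) != domain_of(reply_to):
        cues["reply_to_domain_mismatch"] = (domain_of(sender), domain_of(reply_to))

    # 3. Contact numbers outside the claimed sender's calling code.
    foreign = [n for n in re.findall(r"\+\d{7,15}", body)
               if not n.startswith(expected_calling_code)]
    if foreign:
        cues["unexpected_calling_code"] = foreign

    # 4. Comma or period jammed against the next capitalised word.
    #    Requiring a capital skips "250,000.00" and domains such as "9.cn".
    hits = re.findall(r"[,.](?=[A-Z])", body)
    if len(hits) >= min_spacing_hits:
        cues["missing_space_after_punctuation"] = len(hits)

    # 5. Surface the originating IP so it can be checked against abuse reports.
    ip = msg.get("X-Originating-IP", "").strip("[] \t")
    if ip:
        cues["originating_ip_to_look_up"] = ip
    return cues

if __name__ == "__main__":
    for name, raw in (("quoted message", SAMPLE), ("constructed clean", CLEAN)):
        print(name, triage(raw))
```

Each cue is weak on its own, so a filter would normally score them together rather than block on any single one.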



48 Comments

  1. Sam said,

    May 18, 2010 @ 4:30 pm

    As a partial counterexample I present the following (real but redacted) email autoresponse I recently received from my banker:

    I will be out of the office until Monday jULY 6TH, 2009. For immediate assistance, please contact our Direct banking centre at 1 800 nnn nnnn. Thank you.

  2. Kat said,

    May 18, 2010 @ 4:34 pm

    Isn't $USD to differentiate it from $CAD or $NZD or even $ for pesos?

  3. Brian said,

    May 18, 2010 @ 4:40 pm

    That sure is some way gone phishing, daddy-o!

  4. Jake said,

    May 18, 2010 @ 5:00 pm

    You'll love this one too, from http://www.theregister.co.uk/2010/05/18/phish_email/

    This is the entire text of the email, no links, graphics, anything. Just reply to their gmail address with all your details please!

    From: HSBC BANK [benno209@gmail.com]

    Dear valued customer Incidentally,there is an emergency shortlited varified problem in your account which there is a need to restore Pls send us all the enqiures of your bank account so that the varified problem will be entirely and stupidiously retrieve. Thanks for banking with us

  5. Glenn Branch said,

    May 18, 2010 @ 5:06 pm

    While the incidents related in the song are fictional, the original boy named Sue wasn't fictional: he was Sue K. Hicks (1895-1980), who was named after his mother, who died a few days after giving birth to him. Besides inspiring Shel Silverstein's lyrics to the song that Johnny Cash made famous, he is also remembered for being one of the organizers of, and prosecutors in, the 1925 trial of John Thomas Scopes for violating Tennessee's Butler Act, which forbade teachers in the public schools "to teach any theory that denies the story of the Divine Creation of man as taught in the Bible, and to teach instead that man has descended from a lower order of animals."

  6. David Schwartz said,

    May 18, 2010 @ 5:33 pm

    Stupidiously?

  7. Brian said,

    May 18, 2010 @ 5:54 pm

    Kat: You can use US$ (or CA$ or etc), or you can use USD (or CAD etc). Native speakers don't write USD$ (at least not yet).

    [And certainly not "$10 USD". —GKP]

  8. James said,

    May 18, 2010 @ 6:04 pm

    It's bad, but not as bad as the ungrammatical rejection emails I got from one American graduate school. Those ones really hurt.

  9. Alyson said,

    May 18, 2010 @ 6:45 pm

    I actually collect those and am trying to come up with some way to do some kind of linguistic study on them. Also partially because I find them hilarious.

  10. Ellen K. said,

    May 18, 2010 @ 6:50 pm

    And even if native speakers did write $USD or USD$, that's not what was in the email.

  11. D'Arcy said,

    May 18, 2010 @ 7:09 pm

    I often use $[amount] USD when billing US clients.

    If I don't, they assume I mean Canadian dollars; if I put $[amount] US instead of USD, not all of them comprehend that the "US" is related to currency. I get replies like "You started to write an address, but only put US. Is there somewhere else you want the funds sent? Also, is that American or Canadian dollars?"

    English is my native language.

  12. ben said,

    May 18, 2010 @ 7:14 pm

    If you got a lot of takers without bothering to conceal that the country code of your phone number belongs to Nigeria (something that I am hardly in a position to recognize offhand), or with egregious punctuation-related errors, why would you bother improving your phishing email?

    Anyway, this post seems to overestimate the linguistic practices of many native English email senders, particularly as regards money. I wouldn't blink for a moment at "$10,000USD", any more than I would at "10,000$".

  13. Karen said,

    May 18, 2010 @ 7:34 pm

    Many people who send out emails like this aren't really in a position to improve their English. And they don't need to. One hit is all they need to more than recoup their expenses.

    That said, yes – there are often many clues that you're dealing with a scammer. The vast number of Christian widows of Kuwaiti embassy personnel in Cote d'Ivoire is staggering.

    (And I'd like to recommend the brilliant "I Do Not Come To You By Chance" for a look at the culture behind the spam.) [Bibliographical details please? —GKP]

  14. Leo Petr said,

    May 18, 2010 @ 7:54 pm

    I write things like $250 USD fairly often in reference to American currency. I am a non-native speaker living in Canada.

    I would only write $250 CAD in a context involving multiple currencies, though. I'd never include CAD or USD when the currency is unambiguous.

    Searching for "250 USD" turns up one incidence of my preferred usage in the first 10 hits.

    Searching for "100 USD" turns up a Yahoo questions and answers page that explicitly agrees with your grammatical preference as the first hit.

  15. Ellen K. said,

    May 18, 2010 @ 7:56 pm

    Ben, personally, native speaker or not, seeing "$250,000.00 USD" or "250,000$" or such from, well, any business that would be dealing with such sums, is a major don't-trust-them clue. It's not their English abilities that are the main issue. The point is, that and the punctuation and the "Mr Ellen" are clues that they aren't who they claim they are.

  16. Ellen K. said,

    May 18, 2010 @ 7:57 pm

    Wait… I shouldn't have left out the last name… a google search reveals legitimate use of "Mr. Ellen", with Ellen being the last name. Interesting.

  17. Qov said,

    May 18, 2010 @ 8:12 pm

    Noticeable incompetence in English may be advantageous to the authors of these e-mails. Their intended targets are people who are dishonest enough to gain money they don't deserve. The obvious errors help the victims underestimate the deviousness of the scammers. After all, if someone writes like an illiterate imitation of a Victorian novel, they reason, what's the chance that they are running an international con job? It's the same allure of innocence that has pickpockets use children as decoys.

    I'll bet a lot of these guys can write in perfect English, or at least in a perfect imitation of a native English speaking American teenager.

  18. Scriptor Ignotior said,

    May 18, 2010 @ 8:36 pm

    Stupidiously?

    OED has stupidious, marked as obsolete:

    Stupid, grossly unintelligent, dull. Hence †stuˈpidiously adv.

    Last citation for stupidious is 1615. Another example, perhaps, of popular English dictionaries in China and elsewhere not showing the currency of entries.

    Little things like punctuation do matter: …

    Yes.

    … the rules of Standard English punctuation may be inherently trivial conventions, …

    No.

    … unimportant compared to the semantic content of a text, …

    Hmmm … closely connected with the syntax and semantics of a text.

    … but the sort of people who get jobs communicating with the public on behalf of reputable Dutch courier companies (as opposed to running a backstreet phishing operation off an old PC and a cell phone in a Lagos slum) can generally punctuate correctly.

    Dutch companies? Perhaps. The point would be less secure for those in the heartlands of Anglophonia. And for correctly are we to read in accord with rational and consistent conventions?

    Well, I did receive an agreeable email this morning from a company in a heartland of Anglophonia:

    The recently launched Beethoven Project Trio makes its CD debut with the world premiere recording of Beethoven's recently rediscovered Piano Trio in E-Flat Major, Hess 47, plus two more rarely-heard Beethoven piano trios.

    Expert deployment of hyphens. None in The recently launched Beethoven Project Trio or recently rediscovered Piano Trio; but in two more rarely-heard Beethoven piano trios, a perfectly justified hyphen that seems to be against the usual rule. The phrase could otherwise be misconstrued as two {more rarely heard} Beethoven piano trios. All that, and shrewd avoidance of a hyphen in the world premiere recording.

  19. Brett said,

    May 18, 2010 @ 9:07 pm

    I had friends who used to hack these scammers' free e-mail accounts and collect information about the people they were conning. I was one of the people who volunteered to call the victims and warn them. While some of the people I talked to clearly ought to have been able to see through the low quality scam e-mails, about half of the victims were clearly non-native English speakers themselves. And I only called potential victims who were located in the United States and Canada; there were many more elsewhere in the world, whose average English proficiency was probably significantly lower.

  20. Ran Ari-Gur said,

    May 18, 2010 @ 10:31 pm

    Many or most Americans won't recognize "USD", so the "$250,000.00 USD" format is actually well-attested in contexts where the audience includes both Americans and people from other countries. (I'd prefer "$250,000.00 US", personally, but I don't make the rules.)

  21. Hans Henrik Juhl said,

    May 18, 2010 @ 10:56 pm

    Oh, these examples are nothing compared to some of the phishing mails I have received, that were poorly machine translated into Danish making some of them almost unreadable.

  22. Garrett Wollman said,

    May 18, 2010 @ 11:17 pm

    The convention, as far as I am aware, is for the ISO 4217 symbol to *replace* the national symbol, as Geoff suggests. I normally prepend the symbol, but I sometimes append it if there is more complicated dimensional analysis going on. I have no idea if this is stated in ISO 4217 or any other standard.

    Other common mistakes in phishing mail include the salutation "Dear,", which certainly jars when coming from a stranger. Often the subject headers will also be bizarre, as with "FROM MISS DANICA HANS," and "FROM UNION BANK OF NIG PLC", which no competent user of email would ever write as a subject.

  23. Henning Makholm said,

    May 19, 2010 @ 12:22 am

    @Qov: That's an excellent point.

  24. Nathan Myers said,

    May 19, 2010 @ 2:11 am

    Standard notation is "USD 49.99" or "US$49.99", your choice. In many contexts (still!) there is no "$" character, so there's no choice. "$49.99 USD" is unambiguous but peculiar and prolix. What's wrong with the standard notation?

    I had gathered that "$" started out as "U" superimposed on "S", and then simplified, making "US$" seem like reduplication. I have no idea if that's true.

  25. Elizabeth M said,

    May 19, 2010 @ 4:01 am

    Who would have thought that $X.XX USD would cause such controversy?

    I've often used the format symbol-amount-currency type when acting as a (technical) writer. In my mind, it's much easier to parse while reading as it flows the same way as how you'd say the sentence. My American, British, and Australian reviewers also seem quite happy with that format as well.

  26. Q. Pheevr said,

    May 19, 2010 @ 5:19 am

    […T]he sort of people who get jobs communicating with the public on behalf of reputable Dutch courier companies […] can generally punctuate correctly […].

    Here, I think, you are making precisely the sort of statement you have so often inveighed against in Language Log posts past: a generalization about language use that, though it is empirically testable, is asserted solely on the strength of one's own beliefs about what ought to be true, with no attempt to make even the most rudimentary reality check. I invite you to reconsider that assertion in light of the following passage from the first English-language page I came to by following links from http://www.tnt.nl:

    welcome to myTNT
    A password protected secure environment where as a registered customer you can easily access your own detailed and personalised shipping information. Discover personalised shipping tracking pricing and transit times.

    By my count, these two sentences are missing one hyphen and two or three commas (depending, of course, on whether one insists on the serial comma).

    One could make the case that TNT is neither reputable (they've lost stuff for me a couple of times) nor Dutch (they run the Dutch postal system, but I believe their courier business is based in Australia), but then your comment becomes something of a non sequitur.

    [The group as a whole seems to be Dutch, with a +31 corporate HQ phone number. —GKP]

  27. Nick Lamb said,

    May 19, 2010 @ 5:53 am

    Qov's claim roughly matches what our CEO reported after speaking with criminals who'd been caught (imprisoned?) on a fact finding tour (I work in what might be called the identity theft prevention business) about 419 scams. The scammers interviewed said that poorly written emails got better responses, that is, more people taking the bait and less time wasters.

    Despite the post title, this isn't phishing so far as I can see. In Phishing they want your bank credentials in order to impersonate you and empty your bank account. Very few people are gullible enough to volunteer such credentials by email, so a web site is set up which appears to be your bank. It's sophisticated, often highly automated, usually involves European or American gangs. In contrast a 419 scam is a classic confidence trick, the victim will be told they must wire money to someone to pay "fees" or "taxes" or out of pocket expenses against a future return that will be huge. The 419 scammer may ask for bank details, but only to establish that you're going along with their story, not usually with the intent to try to break into your bank account. 419 scammers are usually lone operators, often from Nigeria (hence 419, a reference to the relevant Nigerian criminal law) and fairly unsophisticated. They sit at PCs for hours sending these emails, waiting for someone to take the bait.

  28. Ginger Yellow said,

    May 19, 2010 @ 6:25 am

    "the Chinese-registered server cluster 9.cn is an extremely implausible address for a Dutch courier company"

    I'm always amazed by the number of former EU officials and Congolese ministers who have Hong Kong Yahoo email accounts.

  29. Joaquim said,

    May 19, 2010 @ 6:36 am

    As Hans Henrik Juhl points out, spam/scam/phishing texts in English are usually far more competent than in other languages. A couple of hours ago I got this one:
    Hola ****, ¿están cansado de trabajar y no generar suficiente dinero?
    Si es así EURO STARS CASINO es tu escape perfecto – aquí tu puedes hacer dinero fácil y divertirte al mismo tiempo.
    Recibir el premio 1000 Euros es ahora.

  30. Q. Pheevr said,

    May 19, 2010 @ 7:14 am

    The group as a whole seems to be Dutch, with a +31 corporate HQ phone number.

    My mistake. TNT was founded in Australia, but is currently based in Hoofddorp.

  31. Nik Berry said,

    May 19, 2010 @ 7:36 am

    Normal Nigerian practice is to write names as Surname Forename, so I suspect the scammer was intending to be Mr. Hanson Ellen.

  32. Stephen Jones said,

    May 19, 2010 @ 7:55 am

    I had gathered that "$" started out as "U" superimposed on "S",

    I believe it was the sign for peso. The most common explanation is that it is an 's' written over a 'p'.
    http://en.wikipedia.org/wiki/Dollar_sign

  33. Army1987 said,

    May 19, 2010 @ 9:38 am

    So it's not just Italian that it's hard for phishers to learn, is it.

  34. Lane said,

    May 19, 2010 @ 10:54 am

    I'm sure there's a good nonfiction book about phishing spam, but for the best cartoon account,

    http://www.achewood.com/index.php?date=03052007

  35. Alyson said,

    May 19, 2010 @ 11:56 am

    I'm not sure what it is with the name Ellen, but I have gotten several emails from someone claiming to be Elena Fifkov with an interest in seeking financial asylum for money that supposedly belonged to the USSR. This shows that whoever is sending this also does not know much about Russian culture, as someone named Elena would actually have a feminine version of the surname (in this case, the name would be Elena Fifkova). If some Russian parents decided for whatever reason to name their boy child Elena, they would most certainly be charged with some kind of child abuse, since they would be opening their kid up for all sorts of violence perpetrated by other children.

  36. a.y. mous said,

    May 19, 2010 @ 12:37 pm

    >> Gone phishing
    >> May 18, 2010 @ 4:23 pm · Filed by Geoffrey K. Pullum under Silliness

    AND

    >> would do a little better than this (received today; I quote the entire text):
    >> From info@tnt.org Sat May 15 20:32:16 2010

    Is this a language error or is GKP phishing for something or is Mark not minding his blog software? Questions. Questions. Where would we be without them! Questions!

    And it says

    >> Date: Sat, 15 May 2010 15:32:03 -0400

    Is Nigeria 4 time zones west of Greenwich?

  37. Troy S. said,

    May 19, 2010 @ 1:42 pm

    I spent some time in Bahrain, where several currencies are commonly traded, including Bahraini dinars, US dollars, Emirati dirhams, and Saudi riyals. It was quite common among us American expatriates to say things like "BD" (or even "beeds") and "USD".

  38. Kaspars said,

    May 19, 2010 @ 2:05 pm

    >> When you use "$" to mark an amount as US dollars, you don't use "USD"

    Actually I just received the following message from Chase: "Your ($USD) $123.45 payment will post to your credit card account."

    Slightly different from the $xxx USD format but I have often seen it in the international context so I wouldn't think of it as a red flag.

    And maybe the whole point of this scam is to make believe that it is some foreign bank with employees that use English as a second language. Too perfect native style would make one suspicious. People are more susceptible to fraud when it is not locally connected.

  39. Charles said,

    May 19, 2010 @ 3:33 pm

    "Other common mistakes in phishing mail include the salutation "Dear,", which certainly jars when coming from a stranger. "

    Is it? I regularly address formal letters to strangers as "Dear Mr. Smith:" Even to anonymous strangers: "Dear Sir:" or the clunkier but more inclusive "Dear Sir or Madam:" Just starting the letter "Mr. Smith:" seems a bit brash to me, and I'm not aware of a common alternative.

  40. ohwilleke said,

    May 19, 2010 @ 4:31 pm

    "When you use "$" to mark an amount as US dollars, you don't use "USD" as well, so "$250,000.00 USD" is ungrammatical."

    The expression "$250,000.00 USD" is quite common and they actually specifically teach you to make that distinction in law school, where many first year contract students encounter a case where a Canadian and an American enter into a contract for "$250,000" to use an example, and the court holds that there is no binding contract because there wasn't a meeting of the minds on the currency involved. The "$" sign is a sign for "dollar" and does not denote which of the many currencies called "dollars" is involved. Failure to denote a currency would generally be poor usage (although not actually ungrammatical) in an international transaction because it is ambiguous.

    The fact that it is written "$250,000.00" rather than "$250,000" is probably more unusual.

  41. Bloix said,

    May 19, 2010 @ 5:03 pm

    Any discussion of the origin of $ has to take into account the existence of £, which presumably predates the $ sign. It would be odd for the two to have unrelated origins. The £ sign is an abbreviation for "libra," Latin for a unit of weight. There is a theory that $ originated as an abbreviation for "shilling," the English coin that was worth one-twentieth of a pound. At least it has the virtue of consistency – whether there's any evidence for it is another matter.

  42. Joshua said,

    May 19, 2010 @ 6:38 pm

    I once received a phishing e-mail from someone claiming to be from "Widows Live Hotmail."

    I considered writing back to say, "My condolences on the loss of your husband," but then I thought better of the idea and decided not to respond at all.

  43. Rachael said,

    May 20, 2010 @ 8:24 am

    Charles:

    I think the previous poster means *just* "Dear," not "Dear Mr Smith" or anything. (Note the comma inside the quotation, as well as the one outside.) You might get a letter from your gran addressing you as just "Dear", but not one from a stranger.

  44. Mel Nicholson said,

    May 20, 2010 @ 9:11 am

    The bibliographic detail you asked for is Adaobi Tricia Nwaubani, I Do Not Come to You by Chance, Hyperion, 2009. I can't second the recommendation as I haven't read it.

  45. Zubon said,

    May 20, 2010 @ 9:11 am

    Bibliographic details: Google suggests: I Do Not Come to You by Chance (9781401323110) by Adaobi Tricia Nwaubani.

  46. Karen said,

    May 21, 2010 @ 9:31 am

    I'd note that Ms Elena Firkov is certainly possible for Russians operating in English. They don't always use the feminine version of the name – I work with someone whose name is -sky in English, but -skaya in Russian. She kept it -sky to match her husband.

  47. Karen said,

    May 21, 2010 @ 9:33 am

    And yes, that's the book – Adaobi Tricia Nwaubani is the author. Sorry to be late responding, so late I was beaten to it.

  48. Kate Y. said,

    May 24, 2010 @ 7:02 am

    I'm having a great deal of difficulty getting past the opening sentence of this post: "If I was going to…."

    Ow ow ow ow ow. I realize that the subjunctive is endangered in the wild, but here—?
