Phishers aren't even trying anymore

[dropzone]

Dropzone, how you been? I hope everything ls okay now. I’ve got somee awesome news For you…

The Government ls giving out money ln your State for…college.

The amount ls $5,815*

Youu can usee this money for Online courses.

lt Only takes about a minute to check lf you qualify.

Click-HERE-to-see-lf-you-Qualiify…

Best.Wishees

I’d highlight the errors, but they’re blatant. I don’t suppose their college offered a course in using Spell Check.

[GaryM]

So, are they sending a check, or money order? Perhaps a Green Dot cash card?

[running_coach]

GaryM:

So, are they sending a check, or money order? Perhaps a Green Dot cash card?

For your convenience, they will deposit straight to your checking account. All they need are your login credentials and answers to challenge questions.

Easy as pie!

[wolfpup]

Sounds like “The Government” is outsourcing the administration of its college grant programs to Nigerian princes. Makes sense, since the princes already have well-established email networks and they do have a way with words.

[CairoCarol]

Usee?
Wishees?

I think that phisher has a MacBook like mine, with the sticky keys.

[mbh]

if wishees were phishees, we’d all cast nets.

[running_coach]

mbh:

if wishees were phishees, we’d all cast nets.

Clickety, clickety, click. footstomp Clickety, clickety, click.

[Nawth_Chucka]

Their typos are deliberate; they know their best mark will be the one who ignores them for the promise of money. They won’t double-check anything they’re told if they won’t even stop to look at how bad the typos are.

[Cugel]

That’s the conventional wisdom, but doesn’t explain why phishes that are just trying to steal logins by faking official emails/websites make the same errors. The more believable they are, the more likely the mark will be fooled.

[Nawth_Chucka]

Cugel:

That’s the conventional wisdom, but doesn’t explain why phishes that are just trying to steal logins by faking official emails/websites make the same errors. The more believable they are, the more likely the mark will be fooled.

They are looking for greedy idiots. They get more than enough of them or else they wouldn’t keep doing it.

[CairoCarol]

Cugel:

That’s the conventional wisdom, but doesn’t explain why phishes that are just trying to steal logins by faking official emails/websites make the same errors. The more believable they are, the more likely the mark will be fooled.

Definitely. I got one from “Netflix” a couple days ago, saying there was a problem with my payment and they’d try again, but meanwhile if I wanted to check my invoice status I could click here. Since I did change my credit card number a little while ago, it didn’t seem completely out of the question that an autopay update might have slipped through the cracks.

The phishing was quite well done. No errors, extremely professional-looking, and the icing on the cake was the offhand “hey, no need to do anything unless you want to; we’re going to try again so everything is probably okay.”

The three things that alerted me to the fact it was fake were the “dear customer” rather than “dear CairoCarol,” the source email address which was gobblygook, and the fact that two identical emails came in within an hour or so, but each with a different “case number.”

I admit though, it gave me pause. If I’d been just a little less cautious, they could have gotten me. I’m sure it’s a very effective spoof.