We aren’t really supposed to chuckle at spams and scams.
They’re the vehicles of cybercriminality, after all.
But once in a while we pick one that made us smile, especially if it was an example of a cybercrime attempt that didn’t work out.
Then we write it up an a humorous warning that nevertheless has an educational side.
So when Naked Security reader swallace136, who has an eye for grammatical humour, sent us this phish against UK High Street bank Lloyds, we thought we’d share it.
The subject line is so close to proper English, yet so curiously far from it that it made swallace136 smile:
We have emailed you to let you know that your account has been randomly selected for an annually review. As a result of this your account will be on-hold until you complete the required steps through the link below:
[Annually verification process]
The adjective “annual”, used to describe a verification process that happens once a year, has been turned into the adverb “annually.”
Unfortunately, you simply aren’t allowed to do that in English, as your teacher at school probably told you (whether you learned English as your first language or not).
Adverbs go with, well, with verbs, and describe the manner in which something happened, e.g. well, quickly, annually.
Adjectives go with nouns, and if English wasn’t such a hotchpotch of other languages, they’d be called adnouns, which would be a much more logical name.
So adjectives describe things or people, e.g. good, fast, annual.
Sometimes you can switch adjectives and adverbs around and sound correct.
For example, some dialects of English answer the question, “How are you?” by saying, “I am well,” meaning, “I am doing well.”
Others say, “I’m good,” meaning, “My health is good,” but also sneakily implying that they are “good” in the sense of “well-behaved,” in case you might have thought otherwise.
Australians and Kiwis notably use “I’m good” instead of “I’m well.”
Perhaps they are used to living so far away from everyone else (except, perhaps, each other) that they might as well make the point that they haven’t descended into anarchy since anyone last checked.
But most of the time, it is inexcusable to swap round phrases like long and at length, or lofty and loftily, for all that it might make significantly more sense than mixing up, say, plethora and Pretoria.
A silver lining
Anyway, in this phishing example, the mixup between adjective and adverb is very handy, because it ends up looking peculiar.
Indeed, it looks even weirder than if it said something absurd like Annual vilification process or Annual verification protest, either of which might be excused or overlooked as a mere typo.
So that’s a bad start for the crooks.
It also didn’t help their credibility that they started off by telling you that your account was chosen at random for its annually verification, before giving you three very specific reasons why you need to go through the process:
One of those reasons, if you don’t mind, is the crashingly ironic suggestion that WE THINK YOU ARE A MONEY-WASHING CYBERCROOK.
If you aren’t a crook, you’re hardly going to warm to the accusation, in an unencrypted email, that your bank thinks you are.
And if you are a crook, you’re hardly going to be put off your stride by other cybercrooks, especially those who can’t tell their technicals from their technicalities.
What is even better news for us is that the server they were hoping to use for their criminal activities isn’t working.
By that, we don’t just mean that access to it is blocked by Sophos products (just in case they fix it), but that the crooks don’t seem to have been able to populate it with fake login pages.
Result!
The bottom line
• If in doubt, leave it out. Don’t get into the habit of clicking on links just because you’re inquisitive. Your best defence is to stay well away in the first place.
• Consider running a web filtering product. You can use the full-blown Sophos UTM for free on a spare computer or virtual machine at home. (See below.)
• Don’t click through to login pages from emails. Reputable organisations never send you login links, specifically so that the only login links you get are from crooks and can be ignored.
Sophos UTM Home Edition
Want to filter dodgy emails and dangerous websites at home, for free?
Try our award winning UTM.
The Home Edition includes all the Sophos UTM features: email scanning, web filtering, a VPN, web application security, and everything you need to keep up to 50 devices on your home network secure, 100% free for home use.
In you live in a shared house, or you have children to look out for online, this could be just the product you need.
Better yet, you get 12 free licences for Sophos Anti-Virus for Windows that you can install and manage throughout your household, right from the UTM web console.
Anonymous
I love these articles… its like a cyber world equivalent of the classic Art Linkletter show “people are funny” :)
crashingly ironic ??? think thats my term of the week !
Higgy
Another obvious tell in this case is telling the unsuspecting punter he’s suspected of money laundering….It being an offence to (amongst other things) tip off or assist a suspected money launderer. Nice one “Lloyds”!
LindaB
I have a similar problem with this post. the word ‘tell’ is a verb, but here it’s used incorrectly as if it were a noun. I think the writer meant to say ‘an obvious clue in this case….’
Makes you laugh anyway.
Christine
A “tell”, as used in this case, is a noun – it refers to a facial tic or other non-verbal behaviour displayed by someone trying to bluff in poker.
Paul Ducklin
From my Oxford Dictionary of English:
tell [noun]: (especially in poker) an unconscious action that is thought to betray an attempted deception.
In real life, it’s the way you purse your lips when you have a pair of Aces in the hole but are betting like you have a King and a Five.
chimericalomicron
Ha, reminds me of when my husband and I were considering a vow renewal… a vendor emailed me with details from a bridal show, with the subject, “Your Vowel Renewal”. Thanks for showing me your lack of attention to detail before I gave you money!
Paul Ducklin
Would you like to buy a vowel?
S31
I should add though – reputable organizations do, in fact, send login links through email all the time. I wish they would stop.
Laurence Marks
S31 wrote “I should add though – reputable organizations do, in fact, send login links through email all the time. I wish they would stop.”
My credit union (equivalent to a bank) does this–and the links are to a third-party domain which performs the service for them. I’ve been complaining about this since October. They’ve finally agreed that it’s a problem but not provided a target fix date.
Phil Brady
Almost all of my utilities provide links in their “your bill is available” messages. They usually have enough PII included in the body to reassure me they’re legitimate, but I could see myself falling for a spearphish if I’m not attentive.
Tom Fiorillo
I give classes in Internet security and show examples of phishing e-mail messages pointing out that English may not be the senders native language. If it looks phishy, it probably is. But honestly if you send out 100k phishy messages, someone is bound to fall for it.
Paul Ducklin
100k messages?
Assuming you have a 1000-strong botnet at your disposal for spamming, forget 100,000 messages and think along the lines of 5 *billion* a week:
https://nakedsecurity.sophos.com/2014/08/05/how-to-send-5-million-spam-emails/
Paul Hysen
Hello NakedSecurity, there is another bit of phishing that I want to make you aware of, and you are doing it. You are telling me that Microsoft has stopped supporting Windows XP, and that is true in the main, but not as regards POSs from which I am typing and which will be supported well into this year. And am I worried about security? You bet you I am NOT. All the cyber crooks are busy developing cracks for Windows 7 and higher. So don’t try to force me to “upgrade” when I cannot, you will only encourage me to switch to Linux.
Paul Ducklin
Let me see if I have understood you correctly. You are using a Point of Sale system to browse the internet, and you are not concerned about security?
(As for “Microsoft has stopped supporting Windows XP,” that isn’t “true in the main.” It is, in fact, true. And as for encouraging you to switch to Linux…that’s one of the options we have long suggested for people who are so annoyed at Microsoft for giving them only 13 years of use out of their investment in XP that they refuse to spend $10/year for the next decade on an updated version of Windows.)
Ah. I just got trolled, didn’t I?
SizzleBizzle
Like they’d care if you did switch to Linux….
**Headline Shocker: Single person switches to NIX operating system!**
Not sure what your point is…. No one is forcing you to do anything. Perhaps you need a vacation dude!
Also, I’m not entirely sure if Sophos advising the public to upgrade to a more secure OS could be categorised as phishing.
Bob
Unfortunately, Capital One (UK) are still including a log in link when notifying me that my monthly card statement is ready to view – a bit surprising really.
Gavin
I keep looking for the “English Proofreader” job postings by the organized criminal underworld. There has to be an opening, but I have yet to find one.
G
Billy
Reputable organisations and email links. Is that not how the Sophos Secure Email Gateway works – recipients are sent a message inviting them to log in to (or register on) to the portal to read the message?
Paul Ducklin
Errrrr, yes, I think you’re right. Problem there is a “chicken and egg” one. Until you are told where to go, you don’t know where to go. Not sure how to work around that.
Anonymous
Awkward, isn’t it?
We are about to start using Sophos Secure Email Gateway and it is hard to explain the process to recipients in other organisations. Your advice contradicts what we are asking them to do and I would prefer it if my organisation didn’t end up on the naughty step of a future blog along with Capital One for sending out emails with links to a log in page.
I am not trying to put you on the spot out of shear mischievousness. I have a practical reason for trying to clarify this point as I want to avoid people coming back at me armed with advice pubished by Sophos telling me I am doing something that goes against basic good practice.
Does your advice not have to take some exceptions in to account?
Laurence Marks
Duck, you missed one (showing how even a grammarian can overlook something–the mind fills in the missing word).
The second screen shot opens with “Why your account selected.”
Paul Ducklin
I didn’t miss that one, actually. Just figured I had enough in the Giant Adverbial Blunder already. Course you only have my word for it :-)
RocRizzo
I have, in fact, launched a verification protest when someone hacked into my account. (just making this one up, but it could happen)
I wonder what a vilification process is. Does it include torture? How do they find out your evil deeds?
4caster
Poor English is a good clue to a scam, but is not foolproof. Many scam emails contain much better English nowadays. And even authentic sites often show errors, confusing “site” with “sight”, or “reign” with “rein”. And my favourite: the misuse of plural pronouns such as “they”, “their” or “them” to indicate a singular person of either sex. It is a triumph of political correctness over grammatical correctness for people who are too lazy to write “he or she”, etc.
Paul Ducklin
Actually, the use of “they” as a singular pronoun can be considered unexceptionable these days.
It is not “politically correct” at all, whatever that means. It simply reads much better than saying “he or she” (or “his/her”) all the time, which is not lazy but rather unsightly and uncertain.
Facebook does this, for example, when it says, “Charlie Somebodyorother has updated their profile.” It’s hard to find fault with that, because it is perfectly clear, is usual in spoken English, and ought to offend no-one because there is nothing to be offended about.
Nigel
Typo: 3 “p”s in “application” in: “The Home Edition includes all the Sophos UTM features: email scanning, web filtering, a VPN, web appplication security, and everything you need to keep up to 50 devices on your home network secure, 100% free for home use.”
Paul Ducklin
I thought that word looked slightly peculiar, but couldn’t see why :-)
Thanks.
Randy
Reason #2 mentioned “term of service”. A legitimate company would have multiple terms of service. In fact most legal agreements are several pages long.