by johndhi 1296 days ago
I was wondering that recently. But I don't know -- I feel like they'd catch even the discerning people if they did a better job of it.

Why don't they exactly replicate what a Google or Chase email looks like? I don't see how I wouldn't fall for that.


I get phone calls sometimes that are almost certainly legitimate, such as from my insurance company, and if they ask me to give them any information (like my address for "security purposes") I always refuse and tell them I can call back. The same is true with email. You should never be giving any information away, even if it appears to be a completely legit communication from your bank or whatever.

The exception (and a potential attack vector) is when a phone call or other live interaction ends in an email being sent as part of the process. There you have to weigh the risk, I suppose; obviously I have replied to such emails. But I would never reply to a bulk email even if it came from my bank's domain.

When the doctor's office phones me, they must immediately learn my DOB or they can't reveal any information. Unfortunately the person calling is sometimes a nurse who's working on test results or some follow-up and they don't have a direct number. But it's kind of a stalemate if I won't reveal anything to them, and they won't reveal anything to me.

At this point if they manage to have the correct caller ID and I'm more or less expecting the call, it can't hurt to divulge my DOB. Scammer's going to find that out easily anyway.

I'd buy the argument made in the article more if they could explain what harm the scammers are avoiding by weeding those of us who can spot a misspelling as early as possible. Do they immediately start investing a great deal of time in a possible "mark" right after one reply from them?

Think of it this way:

Savvy users who will become wise to the grift somewhere along the way are the ones they want to weed out. Early in the process ideally.

Having totally convincing emails fails to weed out these savvy users - you get to discover who they are a bit further down the line, after you've invested some time.

Since the time they can spend is finite, they want to only spend time on sure bets. This is why it is important to take a few moments to lead on scammers - you're damaging their ROI the more of their time you can take up.

You've just restated exactly what the article says, but yeah.

Yes, but there is a thing that many comments here miss: those emails do work, so not only do they filter out not-dumb people, they are running on a successful strategy.

Using proper spelling would improve the conversion but would also add a lot more work for the scammer, and therefore he could miss a real doofus who can be scammed, so the overall KPI (heh) would be lower.

Yes, it's still the same, but with an additional key part.