by hanoz 1296 days ago
This is bollocks. Speaking for Britain, and I think I can, there are hoards of would-be victims to this kind of scam, particularly of the current retirees generation, who are extremely vulnerable to having the wool pulled over their eyes about technical and internet security best practice matters, but for whom just so much as a poor turn of phrase or some unusually laid out punctuation is an absolute dead giveaway. If the scammers got their act together on this front they'd be mopping up huge swathes of these people, but they don't, because at the end of the day they don't speak English very well and don't have access to anyone who can.
13 comments

100%. This article is a popular “Reddit” theory I’ve seen float around for a while now and it’s just not true!

I’ve worked IT help desk before and have seen lots of phishing emails. If scammers tightened up their spelling and grammar skills a tiny bit they would catch many more victims effortlessly. The bar is insanely low. Most users could spot obvious phishing emails. But emails with even just a little more effort put into spelling and grammar were insanely successful. I worked at a University - I’ve seen professors, students, admin fall for these ones.

Why can’t they spell? Because most scammers are operating from the developing world and don’t have great English. That’s it. There’s no elaborate theories beyond that.

I am another data point that would agree with you on this. I would classify myself as a sophisticated computer user (if I don't say so myself), and I fell for a phishing page once. They recreated a pixel-perfect copy of the Steam login page in a fake browser window with a pretend address bar etc. I entered not only my creds, but also my 2FA code, before realising that it was not legit.

Got an email shortly afterwards about a login from Russia, however I was able to change my password and kick out all other sessions before any damage was done.

The worst part was that I was doing a favour to a Steam "friend" who asked me to vote for his clan in some kind of competition. I will give him the benefit of the doubt and assume it wasn't really him, but someone who had hacked his account, but either way, Steam support were utterly disinterested in doing anything about it when I reported it. As were Cloudflare. I checked on the site a few days later and the safe browsing list had flagged it, so at least those maintainers still seem to give a shit.

Yeah, actual credential phishing attacks can be sophisticated and well put together. The ones where they will make mistakes on purpose to weed people out are the ones where they are REALLY looking for a target to squeeze. They will keep some of these people on for extended periods of time and get loads of money from them.

I have a friend that got a message from a "girl" over the summer. It was like "Hello Dear Joseph, I would like to no if you can help me with to practice English. I find you profile today and I have a work visas starting in 90 days to come to your city for work and I am wanting to make new friends and practice my english!! Sorry if this bothered to you. ~~EMOJIS~~~ - Signed Brazilian Model.

So far I think he's 8 grand into helping her. I'm sure it's more now because that was like before Halloween and it's impossible to convince him that it's a scam.

"So far I think he's 8 grand into helping her. I'm sure it's more now because that was like before Halloween and it's impossible to convince him that it's a scam."

Scams work, because people want to believe in them.

Likewise. It’s scary how easily you can just fall into a phishing trap. I almost gave an attacker my GitHub login due to a (Very very good) phishing email impersonating CircleCI.

The email was really good (not in junk), the domain was close, pixel perfect UI and I just finished a reformat so entering in my feeds again made sense. Unfortunately for them, they sent the email out prematurely because after pressing the button I got a JS error.

The theory I heard worked in the other direction: if we assume scammers have a finite amount of time, it could be in their interest to minimize the amount of "likely good targets" in order to increase the amount of "very likely good targets". So all those untapped potential targets are just too similar to non-good targets for them to discriminate effectively, leaving them so far focused on the lower-hanging fruit.

I mean, with Google Translate, spellcheckers, etc, improving all the time, at least some of those messages should have been improving as well, no? If their grammar has not improved at all during the last decade, then there might be a hinge of truth to the theory.

If we assume that scammers live in the developing world, their time is almost certainly not valued so highly that having a few more responses to copy/paste a unanswered requests for payment to is worth their bulk email losing a single wealthy Westerner that's trusting and unworldly but also a stickler for good grammar (or has a spam filter that knows a lot more about Nigerian princes than they do). I've seen in-person scammers in the developing world continue to waste their own time trying to reel me in even after I've told them I'm familiar with that type of scam and failed to turn up for suggested meetups, and it's not like I was the only white person in Jaipur...

There are often horrible spelling and grammar and composition errors leading to phishing pages which involve zero further input on the spammer's part to collect valuable data too.

Scam companies tend to hire those who either couldn't or didn't invest into a personal career. Some of these also have a gift for persuasion (to other locals) so they just go for it with what they have.

Once you start getting into the mindset of investing time for learning and development of skills, then it's just easier, safer and more profitable to go the legit way.

I think all of the obvious scam emails are part of what makes the higher effort scams so much more effective. People (myself included) are used to being easily able to spot the scams so aren't naturally wary when seeing emails that don't have those obvious indicators.

I'm not sure it's the case with the type of scam that the article is talking about. Phishing credentials and getting people on the phone to buy gift cards and transfer money require a vastly different approach I suppose.

https://www.youtube.com/watch?v=18bovtIlrpI

Skip through the hot parts of the video per the graph and just see how the scam actually works, and I think that for all the social engineering steps required and the sheer amount of time spent on the phone, most people would just give up even if they maybe fell for the initial well designed email.

I don't really want to speculate on the spelling/email of scam emails as I think short of some reporter just finding a spam-house and asking, it will all be senseless speculation. The article theory has plausible theories, but might very well be specious. I don't buy that it's due to poor English skills, as spellchecks are plentiful and I have no doubt that the spam-houses could easily pirate older copies of Word and get a decent looking email.

Similarly, if it was effective, I have to imagine that this is the format they'd pick.

The simplest explanations of the poorly formatted/written emails and chats for me are:

1. The targets that have the highest chance of success don't care about the emails

2. The formatting of the initial emails doesn't impact the scam in a significant way

From a more personal perspective and the people I know who continued with the scam past its initial stages, they didn't pay attention to the formatting, just the general idea behind the message was more their concern. The IRS scams, giftcard scams, etc, put some sort of pressure on the people in a way that they truly stopped thinking about the content and were more worried about the idea behind the message: they would get in trouble if they didn't comply, and the financial concerns were the driving force.

> Because most scammers are operating from the developing world and don’t have great English.

Wait until they discover ChatGPT, problem solved.

Yeah, this sounds a lot like a just-so story. There is never any actual evidence given, and the story plays towards people’s desire to feel smarter than other people who would fall for a scam.

https://en.wikipedia.org/wiki/Just-so_story

>because at the end of the day they don't speak English very well and don't have access to anyone who can.

They have access to spell checkers. I somewhat agree that current retirees may be very sensitive to spelling mistakes, but spammers often aren't even putting in the minimum amount of effort to produce an error free E-Mail. I think that both theories aren't satisfying.

Spell chequers are off ten knot enough two insure correct righting off a massage.

Everyone has access to spell checkers. Does that mean spelling mistakes don't exist nymore?

I think you're right in general, but I've seen some cases where it couldn't possibly be language barrier.

For instance I once saw one of those sex scam accounts on Facebook where the profile pic was some hot, obviously white woman, but the name was Vietnamese and all the posts were in the Thai alphabet. That to me seemed very deliberately designed to catch men who saw the big boobs and immediately switched off their brains. And obviously no one is incompetent enough to use the wrong alphabet by mistake.

I agree in that the collective that you mention exists, and it is probably the majority. They are not the target.

Remember that scammers are lazy. The target is someone who doesn’t notice the punctuation problems. People with mental illnesses, etc, but with access to funds. It might very well be much smaller than the group you mention but they are easier to scam. No need to use technical trickery. They will give you their credit card details over the phone.

Both can be true.

Educated, British retiree is one class of audience, who may need a different nuanced tactic (tech/ amazon/ gmail security like email with a professional English call center that can engage them).

The world is a big place. There are also other classes of audiences (where the engagement effort is much lower) and this purposeful spelling mistake does look like a good way to weed out some of them.

No this is a filter. It is the same reason why the wife of Nelson Mandela has millions to give. Any interaction after initial spam cost time and hence if there is no return it is lost opportunity. Best victims are the ones which are not aware that there is a scam at all. Overseeing bad spelling correlates with inability to read carefully which correlates with being with bad intelligence. So people answering very bad spam are in fact more likely very good victims.

>because at the end of the day they don't speak English very well and don't have access to anyone who can.

You believe they don't have access to fiverr or any of the numerous sites that will copy edit for a couple dollars of the thousands bucks they are scamming?

They probably don't realise their English is bad. Are you going to pay for a copyeditor if you don't realise you need one?

Not to mention that if you're looking for copyeditors on freelancer websites, you've got to provide them with some credit card details and evidence you are running something most freelancers are going to identify and report as criminal activity. There's a reason the majority of these scams want cash payment in Western Union or Bitcoin...

They are not THAT stupid. You need hear a native speaking for a couple seconds to notice that your English is not native-level

They don't do that because the promise of the scam is easy money. That means, low investment and high profit.

Investing time and money into proficiency level skills kinda defeats the point of working for a scam company.

At that point you'd rather find a legit job with a good salary for local standards

I was making a counterpoint that the reason they have bad grammar is not lack of access to a way to make good grammar. The original thought about why the grammar is always bad on scams is simple. The bad grammar is a litmus test that your victim is dumb or mentally not able to analyze your scam so you know to dig in when you get a hit.

Is it possible that scamming huge swathes of people would make said scammer a victim of their own success and a prime target for the authorities?

Corrupt 3rd world Governments don’t care at all. If anything they tacitly encourage it since they need money flowing in.

Like... Google Translate? I am not claiming the explanation is true, but it seems roughly as plausible as the alternative.

As they say: "never attribute to malice what can be attributed to incompetence"

but in this case it is both.

s/hoards/hordes/

:-)

Why would you say that here, there are so many indians browsing hackernews.

Don't help them get better at scamming.

> Why would you say that here, there are so many indians browsing hackernews.

> Don't help them get better at scamming.

Yeah. The last thing you want is someone like me getting into scamming, right? /s