[leeoniya]

> "Please read the following article for its importance"

This immediately hit my brain's bayesian classifier like a ton of bricks. Or as the saying goes, "If spammers ever learn proper English, god help us all."

* the English is actually proper, but the wording is unusual

[phillmv]

It doesn't work for spear phishing, but for wide-ranging hits the broken english is often on purpose: http://research.microsoft.com/pubs/167719/whyfromnigeria.pdf :: http://www.onthemedia.org/2012/aug/31/why-nigerian-email-sca...

tldr: you have a lower number of leads but a higher conversion rate from those that do respond.

[meowface]

I can see the logic here, but for something that's a one-and-done "click this link and type in your credentials," I honestly think good spelling would add to the legitimacy. So in The Onion's case I think it's just a matter of the attackers not being good at English; if they were, I feel their success would increase a bit.

[jonnathanson]

Yeah, unusual (oddly formal, non-colloquial, weird syntax) English is usually the best giveaway.

That said, spammers and phishers are getting better and better. I've seen some "Apple" emails that looked almost quasi-legit to my weary eyes at 2am, say, but which revealed themselves as laughably bad upon closer inspection of the writing and the email addresses.

We should assume that phishing attempts will continue to improve in writing quality, use of plausible email addresses, and mimicry of email templates from legitimate sources. But some things will never change, because they are fundamental to the phishing playbook: seeking credentials, linking, etc.

[eliben]

+1, this phrasing immediately triggers my brain's spam alert. It's not simply a "familiar" kind of phrasing friends or teenagers would use to make communication shorter - it's just that kind of mistake scam emails tend to be full of, for some reason.

[dsrguru]

That "some reason" is, as other comments have said, to only get responses from the most gullible marks. If you're gullible enough to respond to a typo-ridden email from someone claiming to be a Nigerian prince who just needs you to pay him a small fortune now in return for a huge fortune later, you're worth pursuing. However, that logic doesn't apply here since the phishing attack was targeted. That's why the email did not have deliberate typos. However, unlike Nigeria, Syria isn't an English speaking country, which explains the awkward phrasing in the email's one line.

[eliben]

Interesting. I never considered that shady language is a purposeful thing, always assuming it's genuine mistakes by non-native speakers.

[purephase]

A few minutes of searching and I couldn't immediately find it but, if I recall correctly, it's actually intentionally incorrect as poor grammar comes off as folksy and more trustworthy and leads to more clicks.

[JshWright]

I suspect folks at The Onion get completely legitimate lead emails with worse English than that on a regular basis.