[phillmv]

It doesn't work for spear phishing, but for wide-ranging hits the broken english is often on purpose: http://research.microsoft.com/pubs/167719/whyfromnigeria.pdf :: http://www.onthemedia.org/2012/aug/31/why-nigerian-email-sca...

tldr: you have a lower number of leads but a higher conversion rate from those that do respond.

[meowface]

I can see the logic here, but for something that's a one-and-done "click this link and type in your credentials," I honestly think good spelling would add to the legitimacy. So in The Onion's case I think it's just a matter of the attackers not being good at English; if they were, I feel their success would increase a bit.