Today I let three emails past OzEfilter so I could check them out. The reason I decided to check is I consider three different attacks against Westpac at roughly the same time was unusual.
All emails are phishing attempts designed to get people to log on and thus give away their log on details.
Now whilst I and others have noticed most phishing attempts have poor grammar, it occurred to me the spelling is a very obvious way for Australians to flag that something isn't quite right. In Australia our preferred spelling has evolved to be slightly different from other parts of the English speaking world.
The subject: Security center advisory is a dead giveaway. The spelling of centre as center is something I'd never expect a reputable bank to send out in an email.
However, as a result of my work creating the preferred Australian English spellcheck dictionary, it occurred to me all of these emails contained the word authorization, as can be seen in the following paragraph.
Please pay attention that your online banking account is suspended because of missing information. In order for it to remain active,please pass the account authorization process.
I decided to check how often Westpac uses authorization as opposed to authorisation (the preferred Australian English spelling) by doing a search on their web site.
The results were:
authorization: 2
authorisation: 146
That's an amazing 73 to 1 usage of the preferred spelling over the secondary spelling in Australia. Both spelling variations are valid in Australia. The preferred spelling however is authorisation.
I thought this observation was very interesting. Because many people in Australia consider the ize spelling to be American (they don't realise it is a valid Australian spelling, but yes it is the single American way to spell the word) they will almost instinctively feel there is something not quite right with the email. Listen to you instincts. If something doesn't feel right, it often isn't.
Large companies in Australia spend a considerable amount of time and money on presentation. Before something is released to the public, it will generally have been reviewed, possibly by a number of people. Phishing attempts generally won't put the same amount of effort into their writing. The use of the wrong spelling, bad punctuation, poor grammar, missing spaces and poor layout, are obvious signs of phishing attempts. Some phishing attempts are amazing in their quality of presentation, but most phishing attempts aren't up to the standard of bank correspondence and that should flag that something might not quite be right in an suspect email.
I hope this observation about the Australian English language assists others to spot suspect emails.
- Kelvin Eldridge
No comments:
Post a Comment