Monday 18 July 2011

On identifying phishermen

Correspondents (of the radio kind) have been keeping the phone hot this week in the wake of a report claiming that spelling mistakes on websites can cut online sales by half. I'm not surprised. If website writers don't take the trouble to satisfy the norms of standard English - which is defined chiefly by its spelling, punctuation, and grammar - then they must expect to encounter trouble. People are very ready to make deductions about the background of a user based on language use, and the argument 'carelessness in spelling must mean carelessness generally (and thus an unsatisfactory product)' is applied regardless of the realities. Quite clearly, firms need to employ proof-readers if they sense they have a deficiency in the spelling department. There are plenty of free-lancers out there willing to help.

Interesting research questions still need to be answered. What are the areas of internet activity that generate these expectations? Clearly there are some outputs where deviations from standard English are normal, expected, and valued. And what pragmatic effects does nonstandard usage on the internet convey? One point which didn't get a mention in the BBC report is the way nonstandard English can be an important clue to the dubious origins of a message. Here are three examples of phishing that I received recently, all from someone purporting to be a gmail service provider and wanting my personal details. The nonstandard English provides the clues (some of which I italicize below). There are pointers of spelling, punctuation, and grammar, as well as awkwardness of style and inconsistency (eg in the use of capital letters). Probably the whole of the first example should be in italics, given the blend of sentence structures!

(1) 'We make every effort to ensure that we provide the Ultimate Security required for maximum protection because we are detecting unusual activity on some user account, we have decided to protect each account with a user account control to protect user privacy and make sure each user account is not accessed unauthorised.'

(2) 'We have received several complaints from users unable to gain access to their email account, as a result of that, we are upgrading our security systems and making sure each user account is not accessed unauthorised. We do not want you to loose access to your Account since your login information are no longer valid on our database system. Now, the Gmail Account Team need to confirm your profile details below for verification purpose and to confirm that you own this Account.

NOTE: If you would like to continue using our services, please click on the reply button and email us the afore mention details immediately for confirmation and validation. We apologize for any inconveniences. Thanks for Using our Service.'

(3) 'This is an important information regarding your Google account. We have just realized that your account information on our database system is out of date, as a result of that we request that you to verify your Information by filling your account information below.'

As time passes, and people become increasingly experienced in reading and interpreting web pages, they are developing intuitions about the status of the originators. This applies as much to matters of graphic design and choice of style as to content. What we are seeing in these examples is the emerging role of nonstandard English as an index of internet illegitimacy. I expect the same sort of thing takes place in other languages? Examples welcome.


  1. Professor Crystal:

    The examples you give underline the problem; however, each of them - to be flagged as spurious by the reader - presupposes a level of sophistication which cannot, sadly, be presumed. At the other end of the spectrum, many of these bogus attempts to steal our money are very sophisticated, and assume an equal, or greater level of sophistication, to be found out. In the end, the old caveat remains true: Let the buyer beware.

    Marc Leavitt

  2. What you say is fair but I suspect that quite a lot of phishing is sent to people who do not have English as their mother tongue and might not spot the mistakes.

  3. Well agreed... but your messages don't help. Is the implication that one should do nothing, therefore? I take the view that we need to publicize these issues as widely as possible, to increase awareness. And who knows, issues of this kind may actually motivate learners to go that extra mile in acquiriing a sense of what counts as standard English.

  4. You say: 'Quite clearly, firms need to employ proof-readers if they sense they have a deficiency in the spelling department. There are plenty of free-lancers out there willing to help.'

    Perhaps it wouldn't be inappropriate here to mention that a directory of more than 440 such freelances (my preferred spelling)
    can be found at - the website of the Society for Editors and Proofreaders of which you are honorary vice president!

  5. Yes, I was thinking of the SfEP when I made that comment. However, I should perhaps point out that I do not publicize my professional links with organizations on my blog, so your final exclamation mark is unnecessary.

  6. The short answer to your question as to whether phishing occurs in other languages is, yes. I suspect that tools such as Google Translate may be playing a role in this, and have written about the subject in more detail on my blog:

  7. I have no doubt that spelling mistakes and poor grammar can significantly damage a company's online sales. The report in question, however, hinges on the speculation of one person who assessed data from one website, presumably without paying due heed to many relevant variables. So the estimated cost, as far as I can see, is utterly unreliable.

    I'd like to see a proper study into this. I know of none, aside from a survey the Royal Mail carried out along these lines some years ago.

  8. That wasn't my question.Of course phishing is widespread across languages. The question was whether phishers in other languages can be detected through their use of non-standard forms.

  9. I often receive emails of much a more obviously dubious nature with subjects such as "750 is a Gr eat Score! | Check Y our Credi t Sco re for $0!"

  10. This is certainly the case in French. This extract is a typical example from the dozens of emails in my "courrier ind├ęsirable" folder:
    'Cher client Paypal, Votre compte a ete signale au hasard dans notre systeme une partie de nos mesures de securite de routine. C'est un must de veiller a ce que vous etes le seul a avoir acces et l'usage de votre PayPal compte et a garantir la securite de PayPal experience. Nous avons besoin de tous les comptes battant pavillon de verifier leur des informations sur le fichier avec nous. Pour verifier votre information a ce moment-la, s'il vous plait visitez notre serveur securise par formulaire en cliquant sur le lien ci-dessous'
    Note total absence of accents, scrambled grammar and what look like translation howlers (the weird "comptes battant pavillon", for example). No spelling mistakes, however!

  11. That's a really interesting example, Stuart. Many thanks.

    The spam examples are less interesting, linguistically, precisely because they are so obvious.

  12. I have become fascinated by the comments left on my blog posts by 'spambots', precisely because the language they use is so weird and arcane and nonsensical: "That is a super-peachy-keen post. Thanks for really blathering on like that! Seriously, I don’t think I could have spent more effort wishing for something heavy to fall on me to erase that nonsense from my mind!"

  13. I think a lot of this sort of thing arises from the omission of grammar in school English curricula over the last few decades - in Australia at least. Spelling is another matter :-(