Spam, Spam, Spam, Spam…
Spam emails; we all get them (unless you have managed to avoid either using email or giving the address to absolutely anyone), and they are really stupid and annoying. But I always open them up and have a look (Gmail blocks all pictures, links and attachments so there’s no risk), because sometimes they can be so awful they’re hilarious. Only a few weeks ago I got a pleading email from someone claiming they were trapped abroad and needed help from someone ‘back home’ to transfer money back to their country. This mysterious foreign country they were trapped in? England…
This is one of the many cases I have seen for the misguided belief that Everyone On The Internet Is American, despite this being far from the truth. Most emails I get are a little more realistic, and while some assume I am French, Spanish, or even in one case Russian, most seem to have tagged my email addresses as British, somehow.
Below is an example of an email I received today, word for word. It knows/assumes I am British, but still manages to fail spectacularly in its lack of research:
HSBC Bank UK
subject Welcome To The 2010 Banking Season
Logo Dear Valued Customer,
HSBC Bank wishes all there customer a happy new year and welcomes you to another new banking season
please be informed that we are updating to a new EL SSL server due to the new banking year and this requires
all our customers to update there account profile to 2010 banking profile .
Log on to update your account profile
HSBC Bank UK
Now, the most obvious thing about that is that the author either has no grasp of or no care about the correct use of English, which is a bad start already if you want to scam English people. They also do not understand the financial year, which does not start in January in many countries around the world (Wikipedia tells me only China use the calendar year as the financial year, though there may be less well-known others).
It’s my knowledge of computers which really makes the lack of research clear to me, though. For a start, the email appears to come from HSBC’s domain, which seems convincing until you look up how easy it is to spoof an email address if you know how email protocols work. After that, I start despairing at how much someone can get wrong if they already know about email systems.
The phrase ‘updating to a new EL SSL server’ is mostly garbage – you don’t have ‘SSL servers’, and updating SSL on your systems is something that happens fairly frequently and without any need to contact customers. It’s like your bank sending you a letter saying ‘You’ll need to visit the bank tomorrow, because we just changed our locks…’ The customer doesn’t need to know, and probably won’t notice even if you told them. Also, I would hope that most banks would be using TSL, which started replacing SSL nearly a decade ago for high-security systems, although SSL is still common enough that I suppose a particularly lax bank might still be using it.
So yes, spam and phishing emails can be hilarious on occasion. The biggest flaw in the whole scam is that they have to guess which bank you are with – I’ve received hundreds of phishing emails and only one claiming to be my actual bank. The best one, however, was when I checked my old email address that I set up as a teenager – you know the kind; ridiculous, slightly embarrassing and usually obscene or disturbing in some way that was very amusing ten years ago. There I found an email claiming to be from a Christian woman with less than a year to live (!) who had a lot of money and no heir, who was sick of seeing society becoming depraved and sinful, and wanted her money to go to someone who could use it to try and make the world a more spiritual place. Apparently, this meant me.