Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Reading the News Today—Oh Boy... | Main | Scrubbing Random Word Lists »

October 26, 2005

Phishing in the Month of Octomber

The English-is-not-our-first-language phishers have been propagating a spelling mistake in (among the ones I've seen) PayPal and Chase scam messages throughout October, 2005. The messages specify a deadline date, by which time you must confirm your personal information or lose your account. Half a dozen messages that reached me all spell "October" as "Octomber."

My guess is that they started with "September," and, if they looked at "November" and "December" they figured all these "ber" months must be "mber" months. Thus, when they updated the scam message for the new month, they replaced "Septe" with "Octo" to get "Octomber." This further leads me to believe the native language of the initial generator is not one whose month names use the Latin roots. Something from the Far East perhaps?

A few of the PayPal messages also include this gem of English ineptitude:

One of our Customer Service employees has already tryed to telephonically reach you. As our employee did not manage to reach you, this email has been sent to your notice.

No PayPal employee would dare split an infinitive like that!

While I'm on a phishing rant, a recent article reported that the typical phishing site remained operational for an average of 5.5 days in August (down from 5.9 days the previous month). In other words, it takes the owner of a hijacked Web site or Web hosting service longer than a typical work week to react to a report of phishing activity.

According to the article, the trend indicates success in squashing phishing. Five-and-a-half days! I can't imagine that a phisher has high hopes that a site would be up that long. The main damage to consumer information has to occur within the first 24 hours, and certainly within 48 hours. When I see a second or third mailing pointing to the same hijacked server arrive a few days after the first one, I consider the lack of action on the owner's or ISP's part a massive failure.

If the phishing site takedown rate improves at the same pace going forward, it will be Octomber 2006 before we're anywhere near a desirable figure.

Posted on October 26, 2005 at 10:44 AM