Gone Phishing
The Broadway hit Dirty Rotten Scoundrels, with music and lyrics by David Yazbek and book by Jeffrey Lane, features con artists who charm oodles of money from unsuspecting wealthy women while singing snappy lyrics and playing a bevy of deliciously “rotten” characters. We laugh and cheer for them every step of the way. But were the con to happen to us in real life, we would wonder why we didn’t see it coming. So, how do you spot a con? By proofreading, of course.
These days, cons hit us online via email phishing schemes. Lucky for us, most online con-folk give us a few ways, or “tells,” to recognize them. They can often be spotted by their faulty grammar, punctuation, spelling, and simple formatting skills. And nobody hyphenates like a phisher.
While I would be happy to be hired to proofread your incoming emails, there are a few simple ways to think like a proofreader and spot a phishing scheme on your own. Toward this end, I suggest you use the acronym PITAS. A delicious Mediterranean bread when the word appears in lowercase, the all-capitalized PITAS will help you recognize some common scamming tells in your emails.
P = Punctuation
Commas
Okay, so you never could figure out where the comma goes in a sentence—don’t panic! Phishers rarely use them, even when they should. Check for a comma after an opening greeting of an email. Almost every human alive neglects using the direct address comma (see my blog on the direct address comma for correct usage of commas before names in a greeting), but there should be a comma after your name and before the rest of the message.
Greetings
Correct (with direct address comma)
Hello, Ms. Meyer,
Greetings, Ms. Meyer,
Sort of Correct (missing direct address comma)
Hello Ms. Meyer,
Greetings Ms. Meyer,
Really wrong:
Hello Ms. Meyer
Greetings customer
Hi Ms. Meyer
Look for the comma AFTER your name. And, while you’re at it, look for your name.
Hyphens
As I said, phishers notoriously overuse hyphens. Companies might use a hyphen in an advertisement, but most reputable companies will not use hyphens in an email; it’s a tell. Here’s an example of a first line of a phishing email I received recently:
We have been trying to reach you - please-respond!
There is absolutely no need for either of these hyphens. This sentence needs to be broken into two sentences with correct ending punctuation. Period. And I guarantee you that the hyphenated word “please-respond” will never be found in any dictionary.
I = Indentation and spacing
Indentation means each new paragraph begins five spaces in, or, as Sister Colette taught us early in elementary school, one finger space. Sorry, Sister Colette, but unless it’s the contents of a novel, people don’t indent. They skip lines between paragraphs. So, if you see a one-finger-space indentation, chances are it’s an old-school con.
But the bigger thing to look for is a lack of spaces or too many spaces within sentences. There should always be one space after a comma in the middle of a sentence. There should always be one space between sentences in the same paragraph. Look at the phishing email below that I received recently and see if you can spot the missing spaces. You get extra points if you find all the rest of the mistakes…
Our system has noticed some glitch in authorizing your payment card on file.Please verify or update your payment method on file.To continue using [company name] and get your item cheaper and fast.Valid payment information must be received within 2 days time,otherwise your [company name] account will be suspended.
T = Titles, Subtitles, Names
As I mentioned earlier, look for your name in the greeting. It’s not ALWAYS a sign of phishing, but it could be a sign to look closer at the rest of the email for other tells. Your title, if it comes directly before your name, should always be capitalized and have a period after the last letter. For example:
Dr. NOT dr
Mr. NOT mr
Mrs. NOT mrs
Ms. NOT ms
A = Apostrophes
There are CEOs and college professors who don’t know how to use apostrophes correctly, so incorrectly placed or missing apostrophes are not going to be dead giveaways that the email is a scam. However, it is worth your while to check commonly used contractions for correctly placed apostrophes that take the place of eliminated letters:
can’t NOT cant’ or ca’nt
couldn’t NOT could’nt
doesn’t NOT does’nt
don’t NOT do’nt
won’t NOT wo’nt
Most brands disregard grammar rules and eliminate apostrophes that show possession. This is (mostly) because apostrophes cannot be used in email addresses. However, the one popular brand name that still uses an apostrophe is McDonald’s. The folks at McDonald’s hardly ever ask you to confirm your credit card number or your mother’s maiden name, so if you receive an email from them recalling their burgers or fries and asking you to please respond, someone is trying to sell you a philet of phish.
S = Spelling
One spelling mistake often made by scammers is incorrect use of upper case letters. Randomly capitalized words in a sentence should fly a red flag for you. The following sentence stood out in a recent email:
Protect yourself Now & keep Your Data Private..
Why capitalize Now, Your, Data, and Private? And don’t get me started on the use of the ampersand and the two periods at the end.
Most companies spell their names with beginning capital letters unless they have branded and trademarked their name in all lowercase letters (e.g., ebay, xerox). A dead giveaway for me in a recent phishing scam from “Amazon” was that they wrote “Amazon.com” in their return address, but “amazon.com” in the body of the letter. When they mentioned the company name within the email, they wrote “amazon” in lowercase letters—except when they didn’t. Inconsistency and a lack of awareness of branding should light a flare.
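The PITAS checks above can be roughed out as a script for a first pass over a suspicious message. This is an added example, not part of the original post: the regex patterns, the two-hyphen threshold and the sample message (assembled from the phrases quoted above plus invented filler) are assumptions, and a hit is a reason to look closer rather than proof of phishing.

```python
import re

# Patterns and the hyphen threshold are assumptions made for this example.
APOS = "['\u2019]"  # straight or curly apostrophe

def pitas_tells(message):
    """Return sorted (letter, description) pairs for PITAS tells in message."""
    tells = set()
    lines = [ln.strip() for ln in message.splitlines() if ln.strip()]
    greeting = lines[0] if lines else ""
    # P: greeting with no comma after the name; hyphens doing a period's job.
    if re.match(r"(?i)(hello|hi|greetings|dear)\b", greeting) and not greeting.endswith(","):
        tells.add(("P", "greeting does not end with a comma"))
    if len(re.findall(r"\s-\s|[A-Za-z]-[A-Za-z]", message)) >= 2:
        tells.add(("P", "repeated hyphens"))
    # I: no space after a period or comma, or extra spaces between words.
    if re.search(r"[a-z]\.[A-Z]|,[A-Za-z]", message):
        tells.add(("I", "missing space after punctuation"))
    if re.search(r"\S {2,}\S", message):
        tells.add(("I", "extra spaces inside a sentence"))
    # T: courtesy title before a name, in lowercase or without its period.
    for m in re.finditer(r"\b([Dd]r|[Mm]rs?|[Mm]s)(\.?)\s+[A-Z]", message):
        if m.group(1)[0].islower() or not m.group(2):
            tells.add(("T", "title not capitalized or missing its period"))
    # A: apostrophe in the wrong place in an n't contraction (could'nt, cant').
    if re.search(rf"\b[A-Za-z]+{APOS}nt\b|\b[A-Za-z]+nt{APOS}(?!\w)", message):
        tells.add(("A", "misplaced apostrophe in a contraction"))
    # S: doubled period; a word capitalized mid-sentence that the same message
    # also writes in lowercase (inconsistent casing, e.g. of a brand name).
    if re.search(r"(?<!\.)\.\.(?!\.)", message):
        tells.add(("S", "doubled period"))
    for word in re.findall(r"(?<=[a-z] )[A-Z][a-z]+", message):
        if re.search(rf"\b{word.lower()}\b", message):
            tells.add(("S", f"inconsistent capitalization: {word}"))
    return sorted(tells)

# Constructed sample: phrases quoted in the article plus invented filler.
SAMPLE = (
    "Hello mr Meyer\n"
    "We have been trying to reach you - please-respond!\n"
    "Our system has noticed some glitch in authorizing your payment card on file."
    "Please verify or update your payment method on file.\n"
    "We could'nt verify your Amazon account. Protect yourself Now & keep Your Data Private..\n"
    "Your amazon account will be suspended.\n"
)
CLEAN = "Hello, Ms. Meyer,\nYour order has shipped. Thank you for shopping with us.\n"

if __name__ == "__main__":
    for letter, what in pitas_tells(SAMPLE):
        print(letter, what)
```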
PITAS to the Cons
In a good musical comedy, a con will con another con, and they will sing together in the end. In real life, we sing the closing number when we beat a con. Use PITAS to spot a con before the curtain comes down, and, if in doubt, reach out to your friendly neighborhood proofreader for an extra set of eyes.
I just pray none of you reading this is a con picking up tips to clean up your next phishing scheme…