It used to be, when you got a phishing e-mail, you could rely on being able to spot it relatively quickly, just because of the blatant misspellings and laughable grammar.  Microsoft writes, in an article about how to catch phishing e-mails:

“Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam.”

decoding spam 2.001 (1)So it was surprising to receive the other day an unusually well-written phishing e-mail. The tone was fairly professional, and the spelling and grammar correct. The only grammatical tip-off was a punctuation error – a single missing period at the end of a sentence. Of course, the actual content was another clue. Ostensibly, the e-mail came from eBay (from an address that looked legit), and since I sometimes use the Swedish auction site Tradera (which has been owned by eBay since 2006) I actually opened the mail and took a quick look. The gist of the message was that since I hadn’t logged in for a while, my account would be deleted in 30 days. Of course there were helpful links to click in order to avoid this action.

Obviously, this was a preposterous warning. I know that E-bay is not going to delete my account – if for no other reason than the fact that it’s not in their interest. But the e-mail did use my Tradera-ID, and it “knew” that I hadn’t been active recently (although it could be that most people have periods of inactivity and would identify with this statement). Combined with the passable writing, it could potentially slip through a lot of barriers.

I did some more research and it seems possible that this particular spam mail has been circulating since 2010! Most of the reports of it appear on various user forums, where people have debated its validity. I found no official statement from eBay (maybe there are just too many fraudulent messages out there?). I contacted Tradera to ask about the e-mail and hopefully report it, and found out that eBay no longer owns Tradera – fallout apparently, from the break-up of eBay and PayPal. Maybe the recirculation of this phishing attempt is well-timed, considering that not many Swedish Tradera users know that eBay and Tradera have split. Plus, the writing indicates to me that some groups behind phishing e-mails may be stepping up their game, hiring reasonably competent writers and developing more sophisticated strategies.

All the more reason to make sure your language, spelling and punctuation is punctilious before sending messages to customers!