Sophos Cloud Optix
Thank heavens for the poor education of cybercriminals!
If they had paid more attention to spelling and grammar at school (rather than mugging younger kids for their dinner money and inflicting chinese burns behind the bicycle sheds) then maybe some of their scams would be harder to spot.
Take this malware campaign that we are seeing being spammed out right now, for instance.
Subject: DHL notification
Message body:
Dear customer.
The parcel was send your home address.
And it will arrice within 7 bussness day.More information and the tracking number
are attached in document below.Thank you.
2011 DHL International GmbH. All rights reserverd.
The email doesn’t really come from DHL, of course. This is just the latest in a long line of instances where cybercriminals have distributed malware attacks posing as communications from a delivery firm such as UPS or FedEx.
But take a closer look. There are 37 words in the body of that message, four of which are spelt incorrectly. That’s an almost 11% failure rate!
If the spelling mistakes and lack of professionalism weren’t enough to get your security sixth sense jangling, then hopefully your anti-virus would have identitifed that the attached DHL_document.zip file contains malware.
Sophos products detect the ZIP file proactively as Mal/BredoZp-B, and its Trojan horse contents as Troj/Agent-QQG.
I, for one, vote against improving the grammar and spelling of cybercriminals. We can’t rely on every malicious hacker being a poor communicator, but it certainly can help the general public identify when a message should be treated with suspicion.
Most of these are from non-English speakers to begin with, so I don't think it's really a matter of poor education. I imagine most American PhDs would have a hard time composing a letter in Swahili. Nevertheless, it is amusing to receive a letter, ostensibly from the US Ambassador to Benin, rife with random capitalizations, misspellings and erroneous grammar.
I think it would be a nice idea to introduce spam filters based on grammar and spelling… 😀
It's worth noting that the signature line reads "2011 DHL International GmbH." GmbH is the German equivalent of Inc. In other words, the writer is probably not a native English speaker. What's scary is that I have seen native English speaker who do spell that badly – but most of them are either not smart enough or not motivated enough to write malware.
Actually, you'll find DHL's global headquarters is in Germany.
So even the main DHL.com website refers to "DHL International GmbH".
DHL is part of Deutsche Post.
In the words of Michael Caine, not a lot of people know that.
The knowledge that many scams contain poor spelling and grammar is not new. But remember that for many, many people in English speaking countries receiving these emails english is a second or even third language.
So while those of us who speak and read English as our first language may sit back and laugh, a lot of our neighbours aren’t so aware of the errors.
And when we live and work alongside non-native English speakers every day, relying on spelling or grammar clues shouldn’t be seen as a 100% effective filter.
I'd have stopped right after the "Dear Customer" part. How come they sent a parcel to my home address, know my email address, and don't know my name? Not even if they wrote impeccable English I'd have gone for that 🙂 And no, I'm not a native speaker myself 🙂
Can someone please tell me if my computer got infected or if anyone can see in my email if I opened this email from DHL? I actually was expecting a delivery and filled out a form online to redeliver a package, so I thought it just might be regarding my delivery, so I clicked on the zip file folder but I got a pop up that said it could not download because an unfamiliar virus. So does this mean no harm done and no one can see my information??
Thanks
I also (stupidly) opened the email and clicked on the downloaded zipfile. Now what? I turned off the computer once I realized I'd been duped.
Help!
But did you see a pop up window stating it could not download the file because of an unknown virus? What happened after you clicked on the zipfile? I think my security may have blocked it because of that pop up, but I’m still not sure.
I am forwarding all the ones i get to ‘Fraud.alert@dhl.com’. Maybe they may open one and find out first hand the amount of grief normal recipients get!
I got a email about "DHL notification" at my old email account but it wasn't like that. It was just saying please check this document and then there was a attachment saying "Document.zip".
i have heard (don't know if it's true or not, but it bears thought) that some misspellings and poor grammar in spam emails is intentional, as a means of bypassing certain spam filters. for example, sending an email advertising "discounted pharmaceuticals" might get caught, whereas "discounted phamacuticals" might not. same thing for "free Rolex watches" versus "free Rolexes watch." (both of those examples are from real emails that i have received in my Hotmail account recently, which incidentally i don't use as a regular account but only for signing up on less-than-stellarly-reputable websites such as for games and whatnot.)
obviously that doesn't apply here, but it's also possible that whoever sent out this spam also has or does send out non-spoofing spam for "retail" websites.
I just received a different version:
DHL Express Delivery
tracking number # 22278711
Good morning
Parcel notification
The parcel was sent your home adress.
And it will arrive within 3 buisness days.
More information and the parcel tracking number are attached in document below.
Thank you
DHL Express Delivery system (c)
153 James Street, Suite100, Long Beach CA, 90000
Maybe they need a minimum number of spelling errors.
And the name of the zip file in DHL mail.