Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you were trying to educate people about scams filtering out certain accents would be very effective.


I don't think that's meant by "filter" in this context. I believe instead that it is a reference to scammers filtering out those people who would likely catch on anyway at some point in the scam, so that they can concentrate on the more naive potential victims. Those victims who ignore things like spelling mistakes are much more likely to ignore other warning signs, too.


This is an antiquated theory and it was never really true. The mistakes weren't intentional and wasn't effective for filtering victims. Phishing campaigns and scammers try to make as few mistakes as possible.


I guess it feels plausible because it sounds similar to how advertising works: discount supermarkets and dollar stores intentionally try to look cheap and tacky because it makes customers expect their prices to be relatively lower than the competition (whether that is universally true or not). They specifically want to attract people looking for cheap, so they try to look cheap - in their branding, advertising, print materials, etc.

Of course scammers aren't literally looking for people trying to be scammed, so the comparison breaks down there. Plus of course there are other strategies than just spray-and-pray (where lower upfront costs by not investing in good copy or plausible design may actually be a good strategy because you can't handle too many marks at once) and with many of those better quality investment definitely increases the chance of success (e.g. spear phishing or whaling).


Interesting, thanks for correcting me. Do you have any sources or further insight into this?

That theory always intuitively made sense for me, so I never questioned it. But of course a lot of theories like this are repeated precisely because they sound plausible, regardless of the actual truth behind them.


I don't have any direct sources because I'm not in the scam industry. I am generally aware of scam forums and groups where they share TTPs etc. The goal is always to improve and limit the flaws. Personally I've also noticed the refined scam attempts, eg the package texts use proper grammar.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: