For as long as we’ve had technology, we’ve had scammers. Crooks have been fooling people since the invention of writing on clay tablets, and many of the modern email scams aren’t much more advanced than that. I’m talking here about our good friends the Nigerian scammers. These don’t always come from Nigeria, but they follow a basic pattern. They begin with an email, something like this:
My dear Brother or Sister in Christ, I am Mrs Penelope Wakandaforever, Widdow of the Late Minister of State, Sports, Racing and The Arts, Nigeria. I am Writeing to you In order to Commence Discussions on the matter of a Quantitie of Moneys, To Whit six Hundred thosand US Dollars ($700,000 US dollars)…
The emails typically go to explain that this “respectable” member of Nigerian society wants to send a large portion of money to you in secret, so that you can pass it to some worthy charity without attracting the attention of the government. Naturally, you will then get to keep some of the money as a “fee for your services”. If you fall for this, the scammers will first ask you to send them some money, a “small” amount like a thousand dollars, to grease the wheels and assist in making the 
larger transfer. If they convince you, you may end up sending them increasingly larger “small” amounts for various reasons, all the while being promised a big pay-day that never comes.
I can’t imagine anyone I know falling for this sort of thing, but there must be some out there, enough to keep these scammers in business. Looking through my own email spam folder, I see a very low-effort version with the words “Good Day, Please, I want to discuss a business proposal with you…” as well as a genuine old-school Nigerian scam that begins “Greetings to you, You have been gifted US$,18,700.000 Million (eighteen million seven hundred thousand) in 2025 Donation Funds. Contact me only at my private email below for your claiming…”
So it still happens.
Escalation: the scammers discover spell-check
There is a theory that the terrible spelling and grammar in these emails is a feature, not a bug. The idea, I think, is that intelligent, well-educated people like you and me would never fall for something so obvious, but that’s all right because they don’t want people like you and me to fall for it. Those other people have money too, and they are much less trouble for a busy scammer because they don’t ask questions like “why Do You put Capital letters In Random places in Your emails?” and “since when does the Nigerian government have a Minister of State for Sports, Racing and the Arts?” Instead, they believe what they’re told, which is what the scammers want. So the spelling is a way to weed out people who won’t be profitable.
In recent years, however, it appears that the number of people who believe everything they read has diminished somewhat, and so the scammers have turned to other targets. I discovered this when I recently put an advertisement on Facebook, shown at the right. I don’t do that often, but I tried it last Easter and had some success, so I thought I’d give it another try, This time it didn’t seem to attract any new customers, but I did get a steady stream of emails that claimed to be from Meta, the company behind Facebook, but were really scams.
They started coming not long after my ad was approved, and continued for the entire time it was running. They looked very official, with all the same styling and language as the real Meta emails, but crucially they were addressed to “Dear Huon Computer Solutions” rather than to “Dear Paul Sleigh” like the real ones always were. And when I hovered my mouse over the links, they pointed to some very dodgy-looking addresses, not facebook.com or anything like it. Instant red flag!
Here’s an example of one. Click or tap to see it full-size.
It’s quite convincing. A strong sense of urgency, a lot of sentences with verbs that agree with their nouns, and not a single Out of Place Capital letter To Be seen. If not for the fact that I also had emails from the same alleged source that indicated that my ad was running with no trouble, and which addressed me by name, I would almost have worried!
I am worried, though, at this change in focus. Previously, most of us could fool ourselves that the scammers weren’t after us. It’s the stupid people, we could say, ignoring the fact that dyslexia or an interrupted school career are nothing to do with stupidity and it’s insulting to say otherwise. But now, the vultures have come home to roost: having milked the poor spellers dry, the scammers are employing English graduates of their own to make their scams look plausible to the rest of us. Where will that end up? Nowhere good, I’m sure.
How to tell if an email is real or not
There’s a good rule of thumb for dealing with this sort of scam, and this is advice I give my clients when they ask about it, because they’re right to worry. When you receive an email that might be legitimate or might not, check for three things:
- Does it address you by name? Not by your email address, or as “Sir” or “Madam” or “Customer”. Real businesses that have a real business relationship address their customers by the names on file. Sure, it might be wrong in other ways — Telstra used to address me by my wife’s name, and some companies seem to think SURNAME FIRSTNAME in all-caps is the proper way to greet someone — but at least they know who I am. This is the number one difference between real and scam emails.
- Does it come from a business you have a relationship with? If you have flown with JetStar or get your electricity from Aurora or bought a book from Amazon, those companies have a legitimate reason to email you. If you get a suspicious email from Netflix and you’ve never in your life had a Netflix account, then you know it’s probably not really them. The good thing about this rule is that you don’t have to be accurate: if you’re not sure if you’ve ever dealt with the sender but you would prefer that you haven’t, treat it like spam and delete it anyway. Sadly, this does not apply to the electricity company if the email is a bill!
- Does the sender’s email address make sense? Suppose the email claims to be from JetStar, as an example. Check the email address it was sent from. Does it say something like no-reply@jetstar.com? That’s pretty legitimate: you’d expect JetStar to have an address like that. On the other hand, if it claims to come from 3g6uK4jUFd41@zm108100.hostinglotus.com, that’s another matter! Long gibberish email addresses, or personal names like nancy.jones2019@gmail.com that don’t get mentioned at all in the email, are a strong sign that an email is illegitimate.
So that’s good. Apply those three rules and you’ll be OK, right? … Right? Well, as it happens, that’s not as certain as it once was. Tune in next time when I tell you about the next, even more disturbing development in scam emails, known as the Laryngitis Scam. It gets worse!