How Language and Culture Play into Phishing Scams
It happens to all of us. You get an email from a friend with a suspicious-looking link. You know you shouldn’t open it, but the subject is just too enticing.
It’s something like, “Wow you won’t believe what this guy is saying about you online.”
And beneath the enticing line is a link.
Chinese linguist David Moser couldn’t help himself. He clicked the link and kablooey. “I had given away the game into cyberspace.” He had been hacked.
Moser was the victim of a phishing scam. Phishing is when a hacker reels you in with a clever line and then hooks you with a link that, once clicked, downloads malware onto your computer. Phishing is part of how Chinese hackers get inside government computers and, if you remember back a few months ago, how they hacked into the New York Times.
According to Mandiant, the cybersecurity company hired to investigate how the New York Times was hacked, one important tool hackers are now employing is “good English.” Moser says it’s a sign of the times.
“We know there are at least 300 million people in China learning English right now. That’s the population of the US. So there’s got to be lots of people good at learning slangy English,” says Moser.
It’s true, these scams have gotten a lot more sophisticated, says Andrew Howard. Howard studies the effectiveness of phishing at the Georgia Tech Research Institute by writing and sending what he calls “ethical phishing emails” and measuring how many people click on the dubious link.
“In my experience even a really poorly crafted email, we see click rates in the 20-25 percent rate.”
Yes, says Howard, those ridiculously worded emails from your long-lost friend in Nigeria who’s got some money to give you if you’ll only release your bank account number, even those emails pay off. So imagine, says Howard, if you add better language skills to the mix?
“I’ve been using online translation services just to read the internet. Those services are getting better and that’s part of the reason you see better written emails,” says Howard.
It goes beyond language, according to Peter Cassidy who heads the Anti-Phishing Working Group, which monitors phishing scams around the world. The scammers are tapping into deep cultural mores.
“What will affect the culture will inform the stories [scammers] are trying to tell,” says Cassidy.
For example, in Japan, scammers prey on Japanese feelings about shame, and what gets people to click is blackmail.
“Japan has its own blackmail-ware,” says Cassidy. These are emails, says Cassidy, that for example threaten a Japanese internet user that unless he forks over money, his wife will find out what he’s been looking at online.
As for what gets Americans to click, it’s charity.
“Seventy-two hours before Katrina made landfall, the first Katrina charity phishing websites were established. I think generosity is the calling card of Americans.”
So what about the country we are fixated on at the moment, China? While there’s evidence that Chinese hackers are breaking into US corporations and government agencies, the run-of-the-mill Chinese cyber scammer is not wasting his or her time using Google Translate on American consumers, but is scamming in his or her native tongue. It’s a lucrative venture as more and more Chinese are buying and selling online.
China’s a place that’s gotten wealthy very quickly. A generation ago many Chinese couldn’t imagine owning a computer, never mind connecting to the world on the internet.
“Suddenly [they] have an enormously powerful computer and the internet and everything out there and oh boy it’s fun,” says Cassidy.
Fun until their computer gets infected. According to Cassidy, more than half of Chinese computers are infected already. That, he says, is part of the price of prosperity.