Like most people I’ve tended to take these spelling mistakes and grammatical errors as a reassuring sign of naivety, building a mental picture of the phishers as overseas kids having an amateurish punt rather than ruthless criminals.

But now I’ve changed my mind…

To begin with, whoever came up with this email was clearly intelligent and could certainly spell if they chose to. More to the point, I’ve received thousands of similar emails over the years and I don’t think I’ve ever received one without a spelling or grammatical mistake of some sort. I’d even begun to think it might be some kind of code-of-honour thing: look-we-always-warn-you-so-really-it’s-your-own-fault-if-you-get-caught.

This just doesn’t make sense. Having gone to all the trouble of coming up with a scheme and creating the email and associated site, surely it would be worth the phishers’ while to find an English speaker to boost their conversion rates? Or at least to run a spell checker over it? And has there really never been a native English-speaking phisher in all this time?

Or have I been missing something? Are the typos and weird sentence structure actually deliberate? Or at least not purely accidental.

My first thought on this was that the phishers might be cleverly varying the ocasional word that can easily be misread to avoid spam filters. Perhaps the phishing emails even mutate over time to avoid detection in the same way that viruses do.

That’s possible for a few cases like this current email but, on reflection, I think it gives the phishers too much credit. The real reason is much more basic.

Whether deliberate or not, the embarrassing spelling and grammatical mistakes end up working in the phishers’ interests because they quickly filter out the vast majority of recipients leaving just the real target: the less-than-confident non-native speaker. After all, the phishers don’t want thousands of users who are never going to leave personal details jamming their cheapskate sites or adding them to blacklists or generally making life difficult.

In other words, we – the technically-literate blog-reading public whose inboxes are crammed with this junk- have never actually been the target; we’re a problem. However, with just a couple of mistakes, the phishers effectively put their own spam filter in place and get what they want: a manageable stream of high-quality victims that have already proved susceptible to a bogus voice of authority and who are unlikely to cause trouble.

The quality of phishing emails hasn’t seriously evolved because, unlike viruses, there’s been no selective pressure to change. It works very well just as it is.

Why was I fooled? For one, it actually had my name in the email, and for another we as a magazine have been focusing on eBay for the last month or two as part of the investigative cover feature that adorns the current issue (eBay exposed). Could it be some sort of malicious attack from an eBay devotee, a paranoid part of my mind wondered?

So, with a deal of trepidation, I pressed the link – and was impressed to see how effective the combination of Mozilla Firefox and McAfee’s SiteAdvisor service is.

A huge red flash appeared in my browser window warning me that this site was considered to be a “web forgery”, and then I was auto-forwarded me to the SiteAdvisor page with the full description of its perils.

It’s a beautifully efficient system that just works, and if we’ve learnt anything from the McColo affair (where, after a big prosecution that took down US-based ISP McColo, spam fell by as much as 40% only to return to historic levels a matter of weeks later) it’s that cutting off the botnets doesn’t work – they’ll simply reappear.

You need to get rid of the commercial incentive of spam – and admittedly I’m talking “merely” about phishing-based spam here – which to my mind means integrating SiteAdvisor into every web browser out there. And updating to the latest web browser, not sticking with an old one out of habit or laziness.

In the meantime, if you haven’t, head over to the official SiteAdvisor site now for the free download.

It started off quite well, with the mail purporting to come from HSBC bank, and the actual email address was security@hbcs.com, which might just squeeze past some people’s radar.

But what went on with the embedded link? It contains the top-level domain “inhabit.com.au”, which doesn’t sound much like HSBC to me, nor I suspect to anyone who’s technical enough to launch a web browser.

Then again, these things must work or they wouldn’t bother sending them. My question is, has anyone actually received a less convincing phishing message?

Ten out of ten for creativity, though.