Why Do Phishing Emails Have Such Obvious Typos?

Have you received an email from a Nigerian prince asking for your help? Were you recently notified you won a lottery that you never participated in? If so, you’re in good company.

Virtually everyone with an email address knows about phishing scams. If you’ve not received a phishing email, you might not know what they look like or whether you could identify them. However, many phishing emails have one undeniable, common characteristic—poor spelling and grammatical errors.

Here’s an explanation of why phishing emails are chock-full of typos, some other ways to identify phishing emails and how to protect yourself.

Why Phishing Emails are Riddled With Typos

Some people don’t pay close attention to the spelling or grammar in every email they open. In today’s fast-paced business environment, not every employee has time to read each email word for word, so they might overlook typos.

However, the reason why phishing emails have so many typos is simple—they’re intentional and are included by design. The scammer’s goal is to send phishing emails to a very gullible, innocent victim. If they have typos, they’re essentially weeding out recipients too smart to fall for the scam.

They might include typos to bypass your email inbox’s security filters or to make messages seem more relatable or authentic. Sometimes, the sender might not speak the language they’re writing in, which explains typos, grammatical errors and strange phrases or sentences.

Other Ways to Identify Phishing Emails

Aside from the obvious (or not-so-obvious) spelling and grammatical errors, there are other methods you can use to spot suspicious messages. Here are other identifying characteristics of phishing emails.

1. Requests for Personal Information

Official business will never — under any circumstances — reach out and ask for personal information. If you receive a scam email, the sender might ask for your social security, credit card or bank account numbers and other sensitive details. Do not interact with them or send private information if you see these requests.

2. Generic or Lack of Greetings

It’s relatively normal for a sender to include some type of greeting—“Hello, dear (your name)” or “To whom it may concern” are some common phrases. Sometimes, scammers will send phishing emails with either a strange or generic greeting or no greeting at all. For example, would you usually receive an email with “Greetings, citizen” or something of the like? Keep an eye out for any out-of-the-ordinary greetings or a lack thereof.

3. Unfamiliar Webpages or Hyperlinks

When emails include suspicious links to web pages, it’s pretty much a guarantee you cannot trust that sender. Your friends, family, colleagues and others who typically reach out through email have no reason to include suspicious or misleading links.

4. Sender’s Email is Unofficial

If the sender’s address looks strange, it might be phishing. The “from” email address might have weird characters, misspellings or other abnormal traits that would never be tied to an official email address.

Here are some additional tips to help you avoid phishing emails:

  • Follow the 3-2-1 backup rule—make three copies of your data, store them in two places and store a copy in one offline location.
  • Use unique, strong passwords and a password manager.
  • Have security software on your devices.
  • Set up multi-factor authentication when possible.
  • Update software on all of your devices regularly.

Protecting yourself from phishing is crucial in today’s digital world, as your sensitive data could be at risk of being stolen or even sold on the dark web.

Identify and Avoid Interacting With Phishing Emails

Phishing is a common type of cybersecurity attack, but there are various ways to protect yourself from a phishing scam. Be mindful of the emails you receive, check them for typos and other strange characteristics and store backups of your data.

Avatar photo

Zac Amos

Zac is a cybersecurity writer and the Features Editor at ReHack, an online tech magazine. When he isn't covering new topics in phishing or ransomware, you'll probably find him reading or watching Netflix.

zac-amos has 2 posts and counting.See all posts by zac-amos