A lot of times, the fraudulent email messages that show up in your inbox are laughable. Bad spelling, terrible grammar, bizarre claims, incorrect logos when they try to imitate a well-known corporation. If you’re a charitable type, you might chalk it up to the fact that many scams originate overseas, from people whose first language is not English. If you’re not as kind, you might just go with, “Boy, these scammers sure are stupid.”
But what if there is a reason those emails are so wrong on every level? What if they’re that bad on purpose? After all, they still work.
Pretend you’re running an email scam. You bought a database of a million email addresses for a couple dollars, and you want to maximize your earnings in as short a time as possible.
If you send your scam attempt to all one million addresses (we’ll assume they’re all valid for the sake of this example), and your pitch is so well-crafted that 1% of its recipients respond, you now have an inbox with 10,000 replies. On the surface, that might look great—after all, 10,000 victims that lose $1,000 each means you’re going to have $10 million coming in.
However, not everyone who responds is going to end up following through and wiring you money. If only 1% of the 10,000 who responded end up giving you money, that’s 100 victims (admittedly, still a nice little chunk of change), but 9,900 people you had to waste time trying to convince to fall for a scam they ultimately didn’t fall for. If you’re a single person, or a small team, that’s a lot of time lost. When you consider the hours that would have to be spent, it ends up being more cost-effective and less work to get a job. It would be much better to deal only with people who are very likely to send money.
The solution a lot of scammers go with is to make the attempt as transparent as possible from the start. This way, the only people who respond are those who are not savvy enough to detect anything suspicious. If only 200 people out of a million respond, the success rate is going to be much higher, and less hours will have to be spent on people who ultimately figure out that something isn’t right.
None of this is to say that every scam attempt is going to be completely transparent. One type of email scam, known as spear-phishing, uses inside information about a company to gain access to sensitive financial or customer information. These messages appear quite professional, with perfect spelling and grammar, and correct details about a business’s operations, and in many cases attempt to impersonate a manager or executive at the organization itself.