April 30, 2006
The Phisher Kings
Phishing is admittedly evil -- there's nothing nice about tricking people into giving you personal and private information -- but you would think that the people who do it would be more skilled. After all, you hardly need to read past the subject line of most phishing emails to see that the note is not what it pretends to be. Case in point, the following email from some phisher trying to convince me to log in to Paypal for fear my account will otherwise be cancelled. Ho, ho! So clever! But the trouble is, the email is horribly written, even for a supposed corporate missive. I'm sure you could triple the response rates just by spending $20 on an hour of a Grade 12 English student's time.
So, here's a question: If people continue to phish, and phishing emails remain as ungrammatical and obvious as ever, what does that say? It says that most people caught by such things don't notice how absurdly awful these emails are. Now there's a harrowing thought.
Agreed, and that was sort of the point that I was making in my closing paragraph above. It's fairly remarkable that all it takes to convince people to take action is to include a URL. This "Where do I click?! Where do I click?!" reaction to emails is a continuing puzzle to me.
>> This "Where do I click?! Where do I click?!" reaction to emails is a continuing puzzle to me
Two things here:
1- The subject line of these e-mails usually comes as a threat: 'Your account has been (will be) suspended.' I've talked to many victims of this type of phishing and this is the prime thing that catches their eye. For example, go tell an active eBay seller who has 40 sales about to close (make *lotsa* money) if they're carefully dissecting the body of the e-mail for grammar. It doesn't happen. They can't get to the site fast enough and give up their identity.
This isn't an issue of educational level, either. I've talked to both extremes and the answers/excuses/reasons are very close to being identical.
2- The myth is still being put out by countless 'experts' that if you see 'http*S*://' (emphasis mine), the site is safe. It's *not* safe. This is the way the link is forged to appear in the body of the e-mail.
In fact, most phishing sites include a .php script that will display the URL in the victim's browser as not only having the 'https://,' but having the exactly correct login string. A couple years ago, what they're saying was correct, but this gives a good time reference of how far the 'experts,' and especially the government, are behind the development of phishing as an artform.
This isn't an issue of finding something 'new,' posting it to somebody's 'report-a-scam' site (i3c, FTC, etc.) and waiting a few months for these poor souls to catch up to your report. The phishing world is changing, updating, modifying on a near-daily basis.
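The forged-link trick described in the comment above (visible text showing an https:// address while the link actually goes elsewhere), as an added example that is not part of the original post or its comments: a small detector that parses an HTML e-mail body and flags anchors whose displayed text is a URL on one host while the href resolves to a different host. The sample message and the example.com / example.net hostnames are constructed placeholders.

```python
# Added example (not the post's code): flag <a> elements in an HTML e-mail
# whose visible text is a URL on one host while the href goes elsewhere.
from html.parser import HTMLParser
from urllib.parse import urlparse


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the message body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host part of a URL, '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def forged_links(html):
    """Return (shown_text, real_target) pairs where the anchor text reads
    as http(s)://<host> but the href resolves to a different host."""
    parser = AnchorCollector()
    parser.feed(html)
    return [(text, href) for href, text in parser.links
            if text.lower().startswith(("http://", "https://"))
            and host_of(text) != host_of(href)]


# Constructed sample body; example.com / example.net are placeholder hosts.
SAMPLE = (
    "<p>Your account will be suspended. Log in now:</p>"
    '<a href="http://login.example.net/cgi-bin/webscr.php">'
    "https://www.example.com/cgi-bin/webscr?cmd=_login-run</a>"
    '<p>Help: <a href="https://www.example.com/help">'
    "https://www.example.com/help</a></p>"
)
```

Running `forged_links(SAMPLE)` reports the first link (shown as www.example.com, pointing at login.example.net) and leaves the matching help link alone.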
I come from the land of 'legit' corporate missives to users. The bad grammar adds to the authenticity!
As PT Barnum observed, you can never go broke underestimating the public...
The funny part is, most of the phished email I receive comes to email accounts NOT related to any paypal, bank etc... account whatsoever.
Best defense is to have a separate email account ONLY for the financial institutions, and NEVER EVER use that email account for any other purpose.
I've recently noticed that spam is coming in with a new set of keywords related to medical or emotional trauma like 'miscarriage' and 'upcoming divorce.'
Now, I'm not sure what the content text is, as I never open the messages, but the headers are certainly more catching than 'ch33p v1agra l@@K!!'
Given the amount of money that's apparently being made on identity theft, bot-nets and old fashioned love potions it seems like we should have seen this type of innovation a long time ago.
I think you're missing the mechanism through which these things work. Read the email? People see the subject line and look for a link to click on. The fact that there are grammatical mistakes merely shows that it is unimportant in a phishing expedition. I too read emails by reading the subject line or the first sentence but I'm aware that phishing exists. I can guarantee my mom and dad don't.