"The Genre of Scams"
Gordon Byrd

Gordon Byrd is a rhetorically conscious writer with a long career of reading/writing emails. Periodically, he writes articles for magazines as a hobby. Currently, he is enrolled as a doctoral student in ECU's Rhetoric, Writing, and Technical Communication program.
The Scam Email Genre

To analyze an example of the scam email genre, I will use a method that hackers, scammers, and identity thieves use (successfully or unsuccessfully) to initiate a desired uptake. The desired uptake in this case is the voluntary giving of sensitive information. The Homeland Security department has set up a website to inform citizens about the different genres of scams (“Phishing”). They define several different genres that attempt to persuade users to give up their information. A typical influencing technique is to use authority. This influence factor reinforces the genre and the need to comply with the uptake. I will show how the influence factors are situated in the genre as elements of the genre and necessary for the uptake to occur.

My artifact for this study is a phishing email I received on my university email account. This email was not successful, since it did not receive the intended uptake, but if it had worked I would not know it was a phishing email. The subject of this email was “E-mail Login-Mail.” It was sent on a Friday at 6:28 am EDT. The sender's address was Mason, Andrea <AMason@crcds.edu>. The text reads:

Email Login-Mail

This attack relies almost exclusively on the tendency for people to obey authority (Mitnick, 2002, p. 247). To establish authority, the attacker must convincingly use the genre that elicits the desired uptake. This involves creating a subject position. If an email successfully uses the genre, it adds to the authority of the attacker and may result in the desired uptake.

This scam came in the form of an email. The medium that was chosen has several specific characteristics and a structure that dictates which information goes in which field. Its subject field needs to be specific for the content of the message. Interestingly enough, the attacker chose to mention “Login” in the subject field, but there was no mention of login information in the actual email text.
This violates the genre, and a reader anticipates that a “System Administrator” will not violate the genre requirements in this way. This first oversight detracts from the authority of the email, which makes the reader more likely to become suspicious and less likely to become a subject. This is the first way genre knowledge can both strengthen security and make an attack more effective.

Next, the authority figure the attacker is impersonating is supposed to be on my campus, and working during the normal workday. It is difficult to convince a reader that some over-zealous system administrator is sending emails one-and-a-half hours before the university offices open. Because the email was sent at an odd time for a System Administrator to be sending notices, the attacker’s attempt at commanding authority over the reader is diminished even further. Because of this detraction from the genre, the attack loses its effectiveness.

The sender’s name is an important piece to establish authority and convince the reader to respond with the intended uptake. In Mitnick’s book on deception (2002), he shares many stories where an attacker does research on his or her target beforehand and finds a name in authority in the target's corporation (236-8). In this case, “Andrea Mason” is not a recognized figure in my university’s hierarchy, nor is she someone from my Department of Information Technology. It is a safe bet that at larger institutions, most employees would not know everyone in their IT department, and therefore the attacker would be able to convince someone of the authority. But this attacker did not do the necessary research to learn that information. Furthermore, the email address was not from our university’s domain name, even if it had a “.edu” at the end. So the first characteristic outside of the intended genre was the lack of a recognizable authority. The second was that the authority was not from within my university system and could not have a commanding position over the subject.
It is not a genre requirement to know the sender in interdepartmental communications, but it is expected that the email address be from the correct domain.

The text of the email was the most obvious violation of the genre. A reader may quickly look over the previous characteristics, scanning to get to the body of the email to read the whole message. So, it is arguable that the first parts of the genre can be neglected somewhat if you have a very convincing body message.

As a genre, emails take on the form of letters. In most professional emails, just like a letter, the addressee will be named first. A subject-reader may expect to see his or her name in the beginning of an email. There is an arbitrary formality to this, but it helps when identifying people who are familiar with a discourse community, in this case the email etiquette in an academic setting. Besides this, another tendency that humans have, which is manipulated by hackers, scammers, and social engineers, is our “tendency to comply when the person making a request has been able to establish himself [sic] as likable” (Mitnick, 2002, p. 247). This attacker could have used this if he/she began with a friendly word or greeting. This is common among co-workers and a “social engineer will also attempt to mimic the behaviors of his targets to create the appearance of similarity” (Mitnick, 2002, p. 247). Not only does the genre establish authority, but it also establishes a similarity between sender and addressee, which encourages cooperation and uptake.

It is a reader’s assumption when opening an email from an authoritative figure that the grammar, punctuation, and terminology will be correctly and consistently used. This is because the reader is familiar with the genre and has these expectations.
This scam email used the term “mails” in place of “e-mails,” then it used a comma as a period and began the next sentence with a capitalized letter in “Please.” This is only speculation, but I believe this attacker was not a native English speaker, which would explain the language-use difficulties and unfamiliarity with the genre. Moving beyond the syntax, the message was a non sequitur, citing “maintenance” as the reason incoming messages were blocked. It is also unclear how clicking the link will unlock the messages. In the email genre, it is not a requirement to elaborate on every point and concision is valued highly, but this lapse in typical use of language and little to no use of logic detracts egregiously from the authority the attack is trying to claim.

My university’s IT department has consistently informed its users not to click on links in emails from unknown people and never to give out login information when requested by websites. This makes it very difficult for attackers to convince targets that they should click on the link and give their login information. Additionally, my university does not encourage internal emails to share links, so that users are not in the habit of clicking on links in emails. The presence of an unknown link is also a telltale sign of the scam email genre. Since this email was asking the reader to click on the link, and that is in direct violation of the instructions of the IT department, the recognized authority, this additionally weakened the attacker's claim as the proper authority.

The email signature block is a highly customizable feature in an email. The signature is a genre in and of itself. As Bawarshi (2003) would no doubt point out, the genre dictates what is allowed and what is mandatory in a signature, and yet it is also a personal touch on some very generic emails. The signature is much like a business card in the information it conveys. It has a traditional spot in the email; it is last except for the occasional quote or Post Script.
The signature blocks from my university have a general format. Some people share a quote from a highly respected person (or themselves). It is a characteristic of every signature to put the sender’s name. After that, most signatures will have a title, an office phone number, fax number, department information, etc. Some shared mailboxes may have a department signature without the sender’s name. This is the type of signature this attacker was trying to imitate.

The signature begins commonly enough with a “Thank you.” After that the order of the signature becomes confusing. The next line says, “Mail! Mail Product Management,” and then “Accounts team.” This immediately throws off the authority appeal. The email is coming from an “.edu” account and written to an “.edu” address, but the signature is referencing some type of business that provides email services. Following this is a string of strange yet official-looking pieces of legalese, “Copyright © 2015 Mail Inc. (Co. Reg. No. 2344507D) All Rights Reserved. Intellectual Property Rights Policy.” This does not fit into the email signature genre from a university. Finally, the signature gives a job title, “System Administrator ®.” I do not know why this title is a Registered Trademark, but no doubt the attacker thought these last pieces would add authenticity and authority to the email’s message. Because these features are outside of the university’s email genre, these further degrade the desired authority position and the uptake.
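The genre violations discussed above (sender domain, send time, subject and body mismatch, missing greeting, embedded link) can be written as a small triage heuristic. This is an added example, not part of the original essay; the institution domain `example.edu`, the office hours, the year in the date, the link and the message body are constructed assumptions, since the page does not reproduce the email text.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

ORG_DOMAIN = "example.edu"   # assumption: recipient institution's mail domain
OFFICE_HOURS = (8, 17)       # assumption: offices open 08:00-17:00, sender-local

# Constructed sample: headers follow the essay's description; the body is a
# paraphrase and the year is made up, because the page does not give them.
SAMPLE = """\
From: "Mason, Andrea" <AMason@crcds.edu>
Subject: E-mail Login-Mail
Date: Fri, 05 Jun 2015 06:28:00 -0400

Some of your incoming mails are blocked due to maintenance, Please click
http://example.invalid/unlock to receive them.

Thank you.
Mail! Mail Product Management
System Administrator
"""

def genre_violations(raw, org_domain=ORG_DOMAIN, hours=OFFICE_HOURS):
    """Return the genre violations the essay discusses that appear in `raw`."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    # Sender address is not from the institution's own domain.
    sender = parseaddr(msg["From"])[1]
    if sender.rpartition("@")[2].lower() != org_domain:
        found.append("external-sender-domain")
    # Sent outside the hours an administrator would normally be working.
    sent = parsedate_to_datetime(msg["Date"])
    if sent.weekday() >= 5 or not hours[0] <= sent.hour < hours[1]:
        found.append("sent-outside-office-hours")
    # Subject promises "login" content that the body never mentions.
    if "login" in msg["Subject"].lower() and "login" not in body.lower():
        found.append("subject-body-mismatch")
    # No addressee or greeting opens the message.
    first = body.strip().splitlines()[0]
    if not re.match(r"(dear|hi|hello|good (morning|afternoon))\b", first, re.I):
        found.append("no-greeting")
    # A link is present, against the institution's stated practice.
    if re.search(r"https?://\S+", body):
        found.append("contains-link")
    return found

if __name__ == "__main__":
    print(genre_violations(SAMPLE))
```

No single check is conclusive; as in the essay, it is the accumulation of violations that erodes the message's claim to authority.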