According to the phishing training I was mandated to take at work if you are stupid enough to overlook the mistakes you are the right target. According to them the misspellings filter out the smart enough people they don’t want talking to. But that could also be nonsense.
Ignoring this specific case where it seems especially unlikely, that's always seemed like someone worked backwards and overthought it to me, "the spelling mistakes, they have to mean something".
I don't think there is a binary smart population and dumb population to optimise around, for every step down, some people who are otherwise convinced become hesitant and waste time, and some of that group become totally unconvinced.
In this podcast episode with the founder of conversational AI, he describes the need to make spelling mistakes (and correct them) in order to help establish that the bot is actually a human.
I think making sublte spelling mistakes is a much clearer sign that someone is human. The imperfection without correction makes it more believable. I still think the hackers could stand to take a creative writing workshop.
The argument is that the hacker’s operational costs are massively dominated by the manual work of social engineering, so they have a huge incentive to filter out people who are less responsive to social engineering.
If you accept that some people are more credulous than others, it becomes the best strategy to optimize for only talking to people who believe you.
I think higher level ways get dangerous. Contacting the FBI directly to try and get money might make it easier to find you. Trying to sell it or other information to a foreign entity is also risky because you can't be sure they won't turn you over.
I’ve worked in government and contracted for Fortune 500 companies. Never have I seen an email that was written like Trump’s Tweets. I’m sure it happens, but I don’t think it’s common.
