Yeah, I admit that I rely a lot on "boy, this formatting looks bad" and "gee, this doesn't sound like it was written by a native speaker of English" in evaluating phishing emails (http://en.wikipedia.org/wiki/Phishing). Oh, I try to follow good practices, too ("Um, no, I will not click on this link to go to my credit card company's security page — I'll go there myself"), but the Laugh Test tends to be the first thing I rely on.
Which fails when someone actually phishes in a smart way.
Wall Street phishers show how dangerous good syntax and a good pitch can be
Major Wall Street institutions were cracked wide open by a phishing scam from FIN4, a hacker group that, unlike its competition, can write convincingly and employs some basic smarts about why people open attachments.
oh my god. phishers are getting smart. we're doomed.
One of the things I do is write security systems for websites. At a previous company we hired a group to try to break in through the security system. They couldn't, but they got into the network anyway, using a scam like this with the C-levels.
+Paula Moore Completely believable.