Using Characters to Detect Chinese Phishing Threats in Taiwan

Image by ShiiftyShift

OK, I swear I didn’t click anything… but had to sit through a cyber security lecture on phishing at work. The most interesting part of the largely common-sense lecture though was how you can spot social engineering emails through the accidental use of irregular hybrids of simplified and traditional characters and terms more commonly used in China and not in common use in Taiwan.

In the video they say some of these hybrids are “simplified characters” but many of them attempt to disguise themselves as traditional characters unsuccessfully.

I thought I’d point out some of the examples used below:

「大家可以登入健康信息統計系統提交……」

So in Taiwan you rarely hear the term 「信息」 at all, and even less in the context of personal health data, whereas 「健康資料」 or 「健康資訊」 are much more common. The term 「健康訊息」 is also common but refers more to information about health, rather than one’s own health data. One way to check this is to Google the terms in quote marks and check out the sources of the web pages and the context in which the terms are used.

“健康信息” returns mostly articles from Chinese media, like Xinhua and the People’s Daily, in a context very similar to that used in the phishing email.

Whereas with “健康資料” the first results you’ll see are from the Taiwanese government’s health app and Taiwanese universities. The first one is also a 系統 like we saw in the phishing email.

賬密與大家的[censored]郵箱一致。

Another interesting example is the assumption by the presumed hackers that the traditional form of 「账」 will be 「賬」. This may be the case, but what the hackers don’t realize is that another character「帳」 is used in place of 「賬」 in most contexts in Taiwan, whether it’s account name/no. (帳號) or even when asking for the bill (結帳).

The hackers are also apparently unaware that 「信箱」 is the common usage in Taiwan rather than 「郵箱」, which is more common in China. Funnily enough, Taiwan’s post office has launched delivery boxes at their post offices called 「i郵箱」, where you can get your mail delivered if you’re not home, but if you’re checking your email inbox, it’s normally 「信箱」, while post boxes (I don’t even know how you say that in the US) are called 「郵筒」.

「匯總」 vs 「彙總」(to collect (data))

This was one of the odder examples in the video, as the guy said that 「匯」 was a simplified character, when the simplified character is, in fact, 「汇」; it’s really a customary character difference. In China, the term used is normally 「汇总」 (which results in 「匯總」 if you put it through an automated Simplified to Traditional character converter), and in Taiwan it’s normal to use the character 「彙」 in this context. It’s notable, though, that the MOE Taiwan dictionary only has an entry for 「匯總」, not 「彙總」. Again, if in doubt, Google and analyze the results.

发于 vs 發於

To be honest this is an obvious one and the hackers should be ashamed of themselves for such a rookie error.

我們已經收到您的反饋

「回饋」 is the more common term for “feedback” in Taiwan, whilst 「反饋」, although also in use, is seemingly indicative of Chinese from China according to the video. I tried googling this one, and to me it looks like a mixed bag, but anecdotally I’ve heard 「回饋」 a lot, both in terms of “feedback” and “rewards” (for credit card use etc.) and have seldom, if ever, heard 「反饋」.

您的郵箱賬戶存在安全隱患

So apart from the ones we’ve already covered (郵箱、賬), the sentence above used the term 「隱患」(concealed threat), which they said in the lecture was a 「對岸用語」 (Mainland China expression).

The top result when you Google 「安全隱患」 is this music video by Hong Kong singer SERRINI, but the majority of results seem to return sites from Mainland China, with the exception of a 104 jobs listing.

In Taiwan 「網路安全威脅」 seems more common, but I’m not 100% on that one.

I remember back in the good old days when they would pretend to be my kidnapped sister over the phone…
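The checks walked through above can be run mechanically over a mail body. The sketch below is an added example, not something from the lecture or video: the term list and the 「i郵箱」 exception come from this post, while the function names, the hit threshold and the benign sample message are assumptions made for illustration.

```python
import re

# China-usage term -> form the post reports as usual in Taiwan.
TERMS = {
    "信息": "資料 / 資訊",
    "賬": "帳",
    "郵箱": "信箱",
    "匯總": "彙總",
    "反饋": "回饋",
    "隱患": "威脅 (the post is unsure of this one)",
}
# Simplified-only characters that appear in the post's examples.
SIMPLIFIED = "发账汇总"

# "i郵箱" is Taiwan's post office delivery box, so 郵箱 after "i" is not a hit.
PATTERN = re.compile(
    "|".join(["(?<![iI])郵箱"]
             + [re.escape(t) for t in TERMS if t != "郵箱"]
             + [f"[{SIMPLIFIED}]"])
)

def scan(text):
    """Return (offset, matched text, suggested Taiwan form) for each hit."""
    hits = []
    for m in PATTERN.finditer(text):
        found = m.group()
        hits.append((m.start(), found, TERMS.get(found, "simplified character")))
    return hits

def is_suspicious(text, threshold=2):
    """One hit is weak evidence (反饋 is also used in Taiwan); require several.
    The threshold of 2 is an assumption, not a value from the post."""
    return len(scan(text)) >= threshold

# Phrases quoted in the post, joined (redaction marker omitted).
PHISH = "大家可以登入健康信息統計系統提交……賬密與大家的郵箱一致。您的郵箱賬戶存在安全隱患"
# Constructed sample using the Taiwan forms the post lists.
BENIGN = "包裹已送達i郵箱，結帳後收據會寄到您的信箱。"

if __name__ == "__main__":
    for offset, found, hint in scan(PHISH):
        print(f"{offset:3d}  {found}  -> {hint}")
    print(is_suspicious(PHISH), is_suspicious(BENIGN))
```

A hit list like this is a triage signal to weigh alongside sender and link checks, since several of these terms also turn up in legitimate Taiwanese text.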
