08 Aug 2024 - AJ
If there is any word that causes discussion in anti-scam and anti-phishing circles, it’s the word “kindly”. We often teach it as an indicator that something can be a scam, that you should pay closer attention to the rest of the request. Sometimes I think we over-emphasize it as a sure-fire indicator, but it’s not.
Reading up on the uses of the word reveals that it can have a variety of uses by us native English speakers. Some of us use it for informal purposes, some more formal. And context is important! For example, I (an average American) wouldn’t look twice at a description of a “kindly grandmother” unless she turned out to be a serial killer. But when it becomes more active - that is, it’s used as “kindly (verb)”, my hackles immediately go up. Not because it automatically marks the communication as being from a scammer, but “kindly” in this context is at best a passive-agressive way to say “please”. If I say “Kindly get off my lawn” it means that I am very angry with you because you are on my lawn and you need to get off it immediately before I do something violent!
But the English that is taught in certain former British colonies and occupied areas tends to emphasize slightly archaic British English, thus “kindly do x” is actually considered a polite, formal request (and if someone says “please”, that’s the informal form that shouldn’t be used in business communications). They do not realize that this might not convey the same meaning to people from other parts of the world. So in a sense, the use of “kindly” can be used as a shibboleth to distinguish a speaker from these areas posing as a native English speaker from an actual native English speaker.
This does not mean that the word is 100% a scam, however, even if it’s used by an apparently local person to another local person. After all, we humans tend to migrate a lot. There are stories I’ve read of native English speakers who have to be told that Indian-born colleagues aren’t being rude (or scammy) if they write “kindly” in their emails; likewise their colleagues might have to be told to avoid “kindly”.
So, consider “kindly” as a reason to pause and consider the circumstances of the communication. If a company in India that you know is legit emails and asks you to “kindly fill out a form”, then it’s less likely to be a scam or phish, though if the request causes any alarm bells you should of course verify why they need it and make sure that the business hasn’t been affected by a Business Email Compromise. On the other hand, a canned message from an American bank is not going to ask you to “kindly click on this link”. If it’s any other circumstance, use common sense - don’t click on a link you can’t verify, don’t provide private information unless you’re absolutely sure this is someone you can trust.
(And if you’re asking yourself “why is AJ providing this information where scammers can clearly find it?” it’s because it’s not exactly new information - any ten-minute search on the world “kindly” in regards to scams will bring this up and it also helps that a lot of scammers are lazy enough/uneducated enough that they either don’t bother to change out their scripts or they don’t know the context. After all, they still get victims, does it matter that some slip the hook?)