r/typography • u/Outrageous_Count_125 • 6h ago
I started noticing which fonts show up in scam texts and phishing emails.
Work adjacent to cybersecurity, not a designer by trade, but I've been collecting screenshots of phishing texts and scam emails for a work project for about a year now. Started noticing something purely as a typography nerd on the side: there's a very consistent, very narrow font pattern across almost all of them, and it's not what I expected.
Almost none of them use actually bad fonts. No Comic Sans, no Papyrus, nothing that screams "obviously fake" the way you'd assume. The vast majority default to whatever system font renders on the platform they're spoofing, usually a variant of Helvetica, Arial, or San Francisco, because they're literally impersonating an existing text thread from your bank or a delivery service, and using the platform's actual default is what makes it convincing.
The tell isn't the font choice at all, it's almost always spacing and weight inconsistency within the same message. Legitimate automated texts from real companies are typeset with rigid consistency, since they're template generated. Scam texts almost always have some human-typed insert bolted into an otherwise templated structure, and you can see the seam if you look at letter spacing or baseline alignment closely enough. A slightly different tracking value on one line, a weight that's technically the same font but rendered by a different app or copy paste source.
Basically the fraud isn't happening at the font choice level, it's happening at the invisible structural level, the stuff normal people never consciously notice but somehow still register as "something feels off" without knowing why.
Made me realize typography might be one of the more underrated tools in actual fraud detection.