In a narrower sense, you're choosing between interpreting a phenomenon (obvious red flags in scams such as Nigerian emails) as being either calculated malice, or malicious in intent but bumbling in implementation. Hanlon's razor still seems to apply.
As another commenter noted, I believe the more appropriate razor is Occam's, since this is not a question of malicious vs. non-malicious, but a question of the complexity of the malicious methods used by the attacker, but we can agree to disagree.
