Banks: write better, cut online fraud

Hey, banks – if you want a killer reason why your brand needs a tone of voice, and why you should use it every time you write to your customers, it’s this: it’ll help stop your customers falling foul of phishing emails.

Why? Because online fraudsters can’t write. Most phishing emails are full of grammatical errors, clunky phrases and – deliberately or not – are written in a strangulated formal tone.

Even the quickest nose around banksafeonline’s archive of phishing emails turns up a whole crop. How about this from an attack on Co-operative Bank’s customers:

‘The Co-operative Bank P.L.C. Internet Banking Security Department has been receiving complaints from our customers for unauthorised uses of the Co-Operative bank accounts. As a result, we are temporarily shutting down some selected Online Accounts perceived vulnerable to this, pending til the time we carry out proper verification by the account owner.’

‘For unauthorised uses of’ is just bad grammar. And the strangulated formality of accounts ‘perceived vulnerable to this, pending til the time...’ is just weird.

This phishing email sent to Halifax customers crams the same two bad habits into a single sentence:

‘Important notice: note that your Security Question and Answer should be match correctly for proper re-verification, in order to avoid service suspension.’

Of course, most people who fall foul of these attacks aren’t reading the phishing emails in this kind of detail. And that’s the point. At a quick read, people obviously just get a general feeling that these emails are genuine.

That doesn’t say much for our impression of how banks communicate with their customers. But it does present a clear opportunity: if you make sure the way you write to customers is clear, natural and distinctive to your brand – especially for ‘unsexy’ day-to-day emails – then these shabbily-written phishing emails will instantly feel wrong to your customers. They’re much more likely to think ‘hang on, this doesn’t sound like my bank...’.

Ironically, the phishing email that prompted me to write this post was this one, purporting to be from HM Revenue and Customs:

‘After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive a tax refund of 468.50 GBP. Please submit the tax refund request and click here by having your tax refund sent to your bank account in due time.’

Its pompous and formal tone sounded exactly like how HMRC actually sound. Which is really dangerous for them.

PS: Hey, phishers! Ever thought about signing up to one of our writing workshops?
Get lost. We only use our powers for good.

comments powered by Disqus