
4/10/2024

Discover Bank: An Email from Discover, Or Is It?

I recently received an email from Discover Bank (probably) about adding a layer of security to my account -- and about some other basic ways to keep my account secure.


Email from Discover Bank (probably)


The email itself is informative enough. The subject line reads, "Marc, do you know how to keep your account safe?" The subhead reads, "Learn how to spot bad actors before they spot you." And the body of the email includes all the typically scary Be-Careful-And-Don't-Trust-Anyone-Else language.

But...

The footer includes a reminder to "Add DiscoverBank@bank.em.discover.com to your address book to ensure delivery of these emails." 

The email was not sent from that email address or even from the discover.com domain. The sender is dfscorpor-Unbranded2 <dfscorpor@dfscorpor-2.rsys5.com>. Now, maybe that is a legitimate email address managed by Discover, but it seems like one of those scammer email addresses your father warned you about -- and that undermines their intended message of trust.

So, maybe if you're trying to create trust with your customers, you don't start by making them paranoid.

Lesson:
Consider which address you send from, especially when sending emails about account security.
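
The mismatch described above can be checked mechanically. This Python sketch is an added example, not part of the original post: it compares the From domain with the brand domain and with addresses quoted in the body, then checks whether SPF and DKIM results align with the From domain. Only the two email addresses come from the post; the rest of the sample message, the `Authentication-Results` header and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Only the From address and the footer address appear in the
# post; the To address and the Authentication-Results header are invented here.
SAMPLE = """\
From: dfscorpor-Unbranded2 <dfscorpor@dfscorpor-2.rsys5.com>
To: marc@example.com
Subject: Marc, do you know how to keep your account safe?
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=dfscorpor-2.rsys5.com;
 dkim=pass header.d=rsys5.com

Learn how to spot bad actors before they spot you.
Add DiscoverBank@bank.em.discover.com to your address book to ensure delivery of these emails.
"""

def org_domain(host):
    """Naive organizational domain: the last two labels.
    Assumption: no public suffix list, so names like example.co.uk are mishandled."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_sender(raw, brand_domain):
    """Report how the visible sender relates to the brand and to the auth results."""
    msg = message_from_string(raw)
    from_host = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    from_org = org_domain(from_host)

    # Domains of any email addresses quoted in the body (e.g. "add us to your address book").
    body = msg.get_payload()
    body_hosts = {h.lower() for h in re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", body)}

    # Simplified parse of the receiver's verdicts; real headers may carry comments
    # or extra properties between the result and the identifier.
    auth = msg.get("Authentication-Results", "")
    dkim = re.findall(r"dkim=pass\s+header\.d=([\w.-]+)", auth)
    spf = re.findall(r"spf=pass\s+smtp\.mailfrom=(?:[^@\s;]*@)?([\w.-]+)", auth)

    return {
        "from_domain": from_host,
        "from_matches_brand": from_org == org_domain(brand_domain),
        "body_mismatch": sorted(h for h in body_hosts if org_domain(h) != from_org),
        # DMARC-style relaxed alignment: authenticated domain shares the From org domain.
        "dkim_aligned": any(org_domain(d) == from_org for d in dkim),
        "spf_aligned": any(org_domain(d) == from_org for d in spf),
    }

if __name__ == "__main__":
    for key, value in check_sender(SAMPLE, "discover.com").items():
        print(f"{key}: {value}")
```

On the constructed sample the message authenticates for rsys5.com while failing the brand comparison, which shows that passing SPF and DKIM identifies the sending platform, not the brand named in the body.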

10/15/2019

Vanguard: Beefing Up Security, Beefing Up Customer Emails

Earlier this year, I wrote about an email from Vanguard to customers that included a few Creative Fails. It described some type of transition. This email is an improvement. It applies some best practices to motivate the reader to take action to set up 2FA, also known as two-factor authentication.


2-factor authentication
Vanguard Security Update email

The email opens in an emphatic tone. It speaks like a communication from Vanguard; that is, the tone fits their brand identity of taking a stand for investors and treating them fairly.

The second paragraph contains the call to action. It cites a shared responsibility. It explains what is being requested and why.

The third paragraph includes a time-specific call to action. The response window is four weeks -- a bit long in internet time, but fair considering the actions involved.


The fourth paragraph explains (in plain English) what the reader needs to do. Although the call to action is to do something after logging into the Vanguard web site, there is no hyperlink to the login. We may reflexively consider this an error, but it is actually an email security best practice that guards against phishing attacks. 

Finally, there is a polite close reinforcing the cooperative nature of the call to action. 

There are a couple of potential minor improvement opportunities. I would consider adding a valediction, along the lines of "Sincerely, Vanguard Customer Service" or perhaps a couple of FAQs. But these are based on my intuition and outside understanding of the target market. In the best possible world, if timing allows, an A/B test could be executed to see which edits would result in improved response.

Lessons:
  1. When communicating with customers, your communications style should be aligned with your brand.
  2. Requests to your customers should be date specific.
  3. A/B test every communication as feasible.