Clueless companies create cybercrime risk for customers

The email looked authentic: a virus-protection software provider said my subscription was overdue and about to expire; there had been a credit-card billing problem.

I knew that my subscription was due about then, so clicked on a payment link. Thankfully, some loose grammar in the email caught my attention and aroused suspicion that it was a phishing site designed to steal personal information. Crisis averted.

The email often looks authentic.

Photo: Alamy Stock Photo

Later that day, a friend complained about a phone scam doing the rounds. The scammer asks if you received unwanted telemarketing calls and would you like to join the Do Not Call Register, for a fee. The fraud was equal parts disgraceful and clever (as it leveraged off other frauds).

I wondered: has the risk of cyber fraud become so great that more and more customers do not trust any online or phone correspondence from companies?

Are more customers deleting company-sent emails without reading them, refusing to answer unidentified callers or letting every call go straight to voicemail.

And are honest companies doing enough to educate customers about how and when they will communicate with them, to help safeguard against online fraud?

Much has been written about cybercrime and how companies worldwide are spending billions to combat it. Less considered is whether companies are creating sufficient communication protocols with customers to help them gauge if communication is real.

My bank occasionally says it will never email customers with requests for personal information. But other service providers I use never explain their communication protocols to customers; they just expect them to spot fraudulent marketing.

As more companies move clients to electronic billing, it is surprising that many are not educating customer bases on ways to verify that information. They expect us to click on a link and pay a bill online, even though it could be a scam.

Like many, I hang up on unsolicited phone calls that have a pause at the start and are from an overseas telemarketing centre. A legitimate Australian company might be calling for a legitimate reason, but the threat of phone scams is too high to take the risk.

I am wary of electronic bills that have a payment link, preferring to use my bank’s Bpay facility. Again, it might be a legitimate e-bill from a legitimate provider but the risk of being diverted to a sophisticated phishing site and giving your money to a crook is too great.

Before long, the only payment/marketing information that consumers will trust will be the costly, paper-based kind that has their name and address on it.

That would be pity. There are huge cost savings and productivity gains from electronic billing. Digital marketing enables firms to reach consumers at low cost, tailor offers and be more responsive to their needs. Done well, e-marketing helps customers and companies.

This all depends on trust. Commentators talk about companies needing a “social licence” to operate, but as important is a “digital licence”. Organisations that repeatedly cannot secure consumer data, or misuse it, are as good as dead in the digital economy.

Companies have responded mostly to the cyber threat through investment in technology systems. That is not enough on its own. Cybercrime cuts across a range of organisation functions, from law to accounting, customer service, marketing and sales.

Companies must ensure their marketing strategy is aligned with their cybersecurity strategy. That is, how can the firm communicate with customers online, or send e-marketing offers, in a way that strengthens its cybersecurity effort, not detracts from it?

Some old-fashioned, written marketing communication is needed. A letter to customers, for example, that explains how the company approaches cyber safety and a simple guide on when, how and why it communicates with customers online, across different channels.

The goal: to educate customers on company communication protocols and help them authenticate honest material from the fraudulent approaches.

This step, of course, is not nearly enough on its own. But educating customers on this issue must be better than hoping they know what to expect on corporate communication.

If a customer, from the youngest to oldest, knows the firm will never send e-marketing offers that ask for personal details, that’s a start. So too if customers know the company will always begin phone calls with reference to the customer name or other details. Or that the firm will only text when a reminder notice for an overdue bill is needed.

If this information remains a mystery, more customers will hang up on all phone/online company communication, stifling corporate efforts in the digital economy.

Most Viewed in Business