Linguistics and the prevention of bank phishing

Human beings have got where we are today thanks basically to two essential factors: sociability and communication. Being social animals and working as a team has allowed us to develop far more than we would have as solitary creatures.

Similarly, the ability to use language to communicate has let us develop our intelligence and generate synergies unseen in any other species.

Language is a fundamental human skill as it allows us to convey information and knowledge to others. We are adapted both physically and mentally to the use of language. We are “narrative” beings who spend our lives communicating and telling stories. That is why social media and the communication systems opened up by new technologies have become so popular and widely used: they allow constant, multi-channel, globalised communication.

But as always, there’s a downside: language can be used not only for cooperation and group development, but also to achieve individualistic objectives that are detrimental to the person receiving the information. In other words, we can lie.


The trend to lie

Apparently, most people tell one or two lies a day on average.

That means that lying is not uncommon in human communication. On the contrary, it’s a tool that we use frequently to further our most individualistic goals. Individualistic because we generally lie to people to obtain some kind of advantage, i.e. we stop being social and place our own benefit (or that of our group) before that of our interlocutor (or her group).

In short, we are able to manipulate reality and the information we give to others through language, and with this “simple gesture” we can make another person say, think or do something that they would not say, think or do if we hadn’t given out misleading information. Let’s look at an example that everyone will be familiar with.

One morning, you open your inbox and find an email from the “COVID-19 Solidarity Response Fund”, a charitable funding initiative organised by the WHO to help fight the pandemic.

A delegate from this organisation has written you a heartfelt email describing how her father and brother have been killed by the virus and how she wants to spend the rest of her life fighting against this and other pandemics that may arise in the future.

She asks for help to buy healthcare material and gives some bank details for making a donation through an external auditor, making the process look transparent. However, after clicking on several links and filling in forms on different websites with the WHO logo, your bank account is hacked.

Indeed, lies also abound in the virtual world, and in fact they are one of the main characteristic features of what we call the internet. In the digital sphere, you can never be sure that what you’re seeing is true.

The anonymity offered by the net certainly encourages all types of fraudsters who use language to achieve their objectives.

Why did you believe the email? How can we be deceived through language? And more importantly, is there anything that could have been detected or identified that would have shown it to be fraudulent?


Linguistics as a weapon of illusion

This is where another weapon in our fight against cybercrime comes in: linguistics, the science that studies human language. What interests us in this specific case is how these fraudsters use language, the structure and architecture of a fake narrative, and what type of content should ring warning bells.

Firstly, we can say that telling a lie requires more cognitive processing than telling the truth. This means that when a liar is telling us something that isn’t true, not only do they have to pay attention to the false information, they also have to pay additional attention to:

  • Remembering the whole lie that they’re telling, in case they have to repeat some or all of it.
  • Making sure all the parts of the lie tie together with the previous parts, i.e. that they are coherent.
  • Detecting signs of whether or not the interlocutor believes what they’re saying.
  • Monitoring themselves to make sure they’re not behaving in a way that would show them to be lying.

As we can see, this process is a lot more complicated than when someone is simply telling the truth.

The first consequence of this complexity is that false messages use simpler language. In other words, false narratives “get straight to the point” and try to keep it simple so as not to require so much attention, as the more intricate the lie, the more cognitive processing is required, as previously mentioned.

Basically, the size of the vocabulary used and the content in general will be smaller for false narratives than for real ones.

Conversations that take place through computers or other electronic devices are mainly text-based, which means we can carry out qualitative and quantitative analyses of the text, allowing us to observe and quantify how many words they use and whether or not they contain certain elements related to credibility.


The structure of a fake email

Generally, the linguistic structure of a phishing email such as the one described above will include a series of elements:

  • Opening/greeting
  • Introduction
  • Narrative
  • Invitation
  • Request for confidentiality
  • Closing

The opening, or greeting, is something that we are used to seeing and that offers a sense of security. We don’t usually communicate with abstract beings – even voice assistants have a name, something to identify them by, and the first rule of communication is to identify our interlocutor.

The introduction usually expands on the identity of the sender and tends to contain a common element – an apology. Generally speaking, phishing attacks are emails that the recipient isn’t expecting to receive, and either interrupt them or generate surprise.

This puts them on guard and heightens their attention, and can generate mistrust. The rules of good behavior dictate that in this kind of situation, the other person should apologise. Try to recall the last time a salesperson stopped you in the street to offer you a service or to get you to sign up for something. They generally start off with an apology after the initial greeting.

When it comes to the narrative, it usually describes the cause of the problem that requires our participation. For example, Nigerian scam emails normally explain where the money is supposed to come from: a donation, the lottery, etc.

They also generally contain some kind of emotional experience to create a connection with the recipient: a death, a painful situation, family problems, traumatic situations, etc., to generate empathy and emotional connection.

Then the sender invites us to participate in the situation, for which we will obtain some kind of benefit, generally financial but also possibly of some other kind.

The request for confidentiality may be aimed at getting the recipient to confirm their interest in becoming involved and generating an atmosphere of trust and security between the parties. The idea is to make the recipient feel at ease, as this type of phishing email, like the Nigerian scam emails, can sometimes make us feel as if we’re accessories to a situation which, although it may not be strictly illegal, is certainly irregular. Making a request for confidentiality gives the sender a certain credibility.

The final part of the message, as well as giving a closing farewell, tries to impress on the recipient that there is an urgent need to respond: either time is running out or the situation is such that action needs to be taken as soon as possible. There is no time to lose, or in other words, no time to think.


Warning of a false message

Together with this basic structure, there tend to be a series of elements that indicate that we are dealing with a scam:

  • Emphatic language: scammers want us to believe what they are saying, so even though their message is very simple, it will also be repetitive, and, curiously, they may even appeal to the truthfulness of what they are saying.
  • Distant language: as the story they’re telling isn’t true and they haven’t really experienced it, this means there will be less physical connection with what they’re saying. They will tend to omit personal pronouns, opting instead for the third person. Sometimes the sender may start off talking in the first person before gradually distancing themselves from the situation and events.
  • Reluctance to generate questions: scammers don’t want us to question them, as this would be awkward and throw their lies into doubt. They therefore try to avoid having to answer any questions about their story, giving brief or off-topic replies.
  • Ambiguity: in relation to the above points, false narratives will be full of imprecise details or ambiguities, as lies give less room for specific, objective and verifiable data.
  • Limited details: also in relation to the above, when someone hasn’t actually experienced a situation, they are only able to provide a small number of details, and these will never be as vivid or insightful as we would expect if the person had actually experienced what they’re talking about. The upshot is that the narrative gives a minimum amount of superficial details, explained in a way that appears artificial.
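
The text measurements and warning signs described above, expressed as a heuristic check. This Python code is an added example, not from the author or any product; the marker word lists, the halving threshold for pronoun drift and the two sample messages are constructed assumptions.

```python
import re

# Constructed marker patterns: illustrative assumptions, not a vetted lexicon.
MARKERS = {
    "apology": r"\b(sorry|apologi[sz]e|forgive|pardon)\b",
    "emotional_event": r"\b(died|death|killed|passed away|funeral)\b",
    "confidentiality": r"\b(confidential|confidentiality|secret|discreet)\b",
    "urgency": r"\b(urgent|urgently|immediately|as soon as possible|without delay)\b",
    "truth_appeal": r"\b(believe me|trust me|i swear|this is (?:true|real|genuine))\b",
}
FIRST_PERSON = {"i", "me", "my", "mine", "we", "us", "our"}

def fp_ratio(words):
    """Share of first-person pronouns in a word list (0.0 if empty)."""
    return sum(w in FIRST_PERSON for w in words) / len(words) if words else 0.0

def analyse(text):
    """Word count, type-token ratio (distinct/total words; compare only texts
    of similar length), first-person use per half, and marker counts."""
    low = text.lower()
    words = re.findall(r"[a-z']+", low)
    half = len(words) // 2
    return {
        "word_count": len(words),
        "ttr": len(set(words)) / len(words) if words else 0.0,
        "fp_first_half": fp_ratio(words[:half]),
        "fp_second_half": fp_ratio(words[half:]),
        "markers": {k: len(re.findall(rx, low)) for k, rx in MARKERS.items()},
    }

def flags(text):
    """Names of the warning signs found; a prompt for review, not a verdict."""
    f = analyse(text)
    found = [name for name, n in f["markers"].items() if n]
    # "Distant language": first-person use falls away as the story goes on.
    if f["fp_first_half"] > 0 and f["fp_second_half"] < f["fp_first_half"] / 2:
        found.append("pronoun_drift")
    return found

SAMPLE_SCAM = (  # constructed sample, not real mail
    "Dear friend, I am sorry to contact you without warning. My father and my "
    "brother died because of the virus. The fund needs donations for healthcare "
    "material. The transfer is handled by an external auditor. Believe me, this "
    "is true. The matter is confidential. The reply is needed immediately."
)
SAMPLE_BENIGN = (  # constructed sample, not real mail
    "Hi Ana, I have attached the minutes from our Tuesday meeting. I will send my "
    "comments on section three tomorrow, and we can review them on our call."
)
```

Calling flags(SAMPLE_SCAM) returns all six indicator names, while flags(SAMPLE_BENIGN) returns an empty list. Legitimate mail can also apologise or be urgent, so the flags are best combined with sender and link checks.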



Written language is the basis of virtual communication: texts are the main type of communication found on the net and are the easiest way for hackers and fraudsters to scam us.

Proof of this is the growth of phishing – hooking people in with fraudulent stories – with attacks growing by 640% in 2019.

Raising awareness of this situation and informing people about the signs to look out for are crucial for preventing financial and bank fraud.





Posted by Tim Ayling

Tim Ayling is currently the Vice-President EMEA at buguroo. With over 20 years' experience in the cybersecurity and anti-fraud industry, Ayling began his career in technical support, and moved on to System Engineering. He began his leadership career when he established Entrust Inc. in Australia in 2003 and was made Vice-President Asia Pacific in 2006. Ayling has held numerous leadership roles in large cybersecurity vendors, including serving as the Global Head of Fraud Prevention Solutions at Kaspersky Labs, as EMEA Director of Fraud & Risk Intelligence at RSA Security, as well as spending time in the cyber-security practice of KPMG.
