“Teach a man to avoid phishing, and you protect him for a lifetime.”
First Published on WWW.SUBSCRIBERMAIL.COM
In recent weeks, many email users have received messages from one or more well-respected organizations alerting them to be on the lookout for an increased amount of Spam and/or targeted phishing attempts.
While it is very unfortunate that these alerts were prompted by online security breaches that resulted in personal information being compromised, the increased attention being brought to the potential hazards of using email can serve an important purpose for both marketers and their email recipients.
The average email user has become accustomed to a certain amount of Spam, much of which appropriately lands in their Junk Mail folder. What the average user may not be accustomed to are sophisticated phishing messages, which can become difficult to identify as the content becomes more and more personalized. These types of attacks, known as “spear phishing,” may reference the recipients’ name, place of work, job title, city of residence, account number or any other available/stolen data to give the impression that a seemingly unknown sender isn’t a stranger after all. Once recipients drop their guard, they are more likely to click on links within a message and/or provide additional information.
The increased awareness surrounding phishing attacks will hopefully spare many email users from the harm these attacks can cause. For email marketers, it’s important to be cognizant of the fact that recipients are on high alert, and to be sure there is nothing about your messages that would cause a recipient to question your intentions.
As always, sending only to recipients who have given their permission for you to contact them via email is the best way to ward off suspicion, but even then a fair amount of caution is in order. Remember, email users receive dozens of messages every day, and depending on the frequency with which you send email communications your recipients may not recall providing their address/permission when they see your message in their inbox.
Be mindful of any call-to-action that appears on your messages. Never request that the recipient reply back to your message with personal information, and never include a form on an email message. Be mindful of the “Reply-to” address on your messages, which can cause alarm if a non-branded domain is used. Using an email client’s “BCC” field to send bulk mailings is a bad practice on a number of levels, not the least of which is that it’s commonly used to send phishing messages. Failure to test/proofread URLs can also give the appearance of phishing; common phishing techniques involve spelling out URLs in message body copy that actually link elsewhere, in addition to setting up traps using URLs on domains that are one or two characters different from legitimate domains. In these cases, a simple typo on your part could cause undue alarm.
As email recipients continue to become more and more educated about the elements of phishing emails, the success of such attacks will hopefully experience a sharp decline. Reputable email marketers would be wise to create messages from a recipients’ perspective to avoid being unfairly lumped in with these senders. In the end, the security battles have recipients paying greater attention to what is in their inboxes. As an email marketer, it’s important to make sure your communications are sending the right message.