With marketing becoming largely digital, email in particular has become a huge driver for generating more leads, conversions and ultimately revenue.
It ranks above other distribution channels such as affiliate marketing, SEO, and even social media. In fact, email marketing was found to be the preferred channel by most marketers in a survey carried out by Gigaom.
While it may sound easy to simply click and send off a slew of emails, the least of our worries is a full inbox. Email is deemed one of the most valuable online distribution channels, but it’s also the least secure. With people’s personal information at stake, the email channel must be protected at all costs.
At the end of the day, it’s not just about ensuring that your marketing campaigns are effective but it’s also protecting your brand’s reputation and helping your customers, past, present or future, from falling for possible scams and cyber attacks like the most common one for email marketing: phishing.
What Is Email Phishing?
Phishing is a big threat to marketers because it can directly affect marketing efforts and Return on Investment (ROI) drastically.
According to Venture Beat, for every $1 spent on email marketing, there is a $38 ROI (some even believe this number to be upwards of $42).
So, what exactly is phishing?
There are many variants of phishing but they largely all follow the same pattern.
Phishing works through electronic communication, usually via email, in which the sender mimics a trustworthy entity using social engineering tactics to convince the recipient that they are legitimate and, in return, obtain personal or financial information for malicious purposes. It’s more than just financial losses; phishing also affects your company’s brand and reputation.
A major downside with email phishing is that anyone can fall for one.
Social engineering has come a long way and even top executives like CEOs fall victim to phishing emails (this particular type is called “whaling”). Today, businesses are seeing more and more malicious emails flooding their inboxes. Statistics from Symantec’s 2017 Internet Security Threat Report revealed a disturbing fact: one in every 131 emails contained malware in 2016.
Phishing is an extremely successful tactic for hackers to get what they want, and marketers should take extra caution. Email phishing has a huge impact on marketing email campaigns, so it’s important to know the warning signs.
Here are some warning signs to look out for when identifying a potential spoofed or phishing email:
- Poor spelling and grammar. We are all human and make mistakes, but when an email correspondence is littered with spelling and grammatical errors, then there is every reason to be suspicious since a reliable and professional entity will rarely make that many blatant typos.
- Check for any lack of personalization. If the email was directly sent to one person, a vague greeting without specific names or titles also calls for suspicion.
- Urgency detected. If the email message seems geared towards promoting a sense of urgency or is flagged as “high importance,” as counterintuitive as it is, the email might be spoofed. Pay particular attention to emails that demand a response “at your earliest convenience” and call on specific actions to be taken, like verifying information online. Typically, urgent matters are handled over the phone, so when in doubt, double check through another mode of communication.
- False hyperlinks. Hackers typically hide malicious links in hypertext within the contents of an email. Before clicking, hover over the destination address. If there is a mismatch between the text and the hyperlinked URL web address, there’s a good chance that the email is attempting to redirect you to a malicious site.
- Request for personal information. If you are asked for personal information or asked to verify your identity by clicking a link for example, be wary. Banks, for example, will never ask you for personal information over email. It only takes a second to verify the link before you proceed to click or download an attachment, and that can save you from dealing with the overwhelming burden and consequences that comes with a phishing attack.
Best Security Practices
Learning to spot inconsistencies and suspicious content within emails is a useful skill for anyone, but for marketers, sharing this kind of information with customers can make a huge difference in the effectiveness of campaigns.
Besides, regardless of tangible campaign success, you are also looking to build the trust of your customers by keeping your customers safe from cyber attacks that originate from email.
So, we would recommend adopting the following practices:
- Ask recipients to add you to their address list. Before you launch an email marketing campaign, request for your recipients to add your mailing address to their contact list so that your campaign emails will not go into the spam or junk folders. Doing this also means recipients will see warnings if a spoofed email (seemingly coming for your company) shows up in their inbox as senders who aren’t in their address book should be flagged.
- Authenticate your email. Authenticating your email is a great way to prevent phishing attacks even before they reach your customers’ inboxes. This is possible because email authentication ensures that the server that sends the email has the right to use the domain name listed in the message’s header (the “from” field) in the first place, thus “verifying” the legitimacy of the sender. As a result, email authentication works like a security tool.
- Add disclaimers. Adding disclaimers to the bottom of your emails and reminding customers that you will never ask for financial information and other sensitive information via email can help recipients spot the red flags in future spoofed emails if they ever receive them. Even if you have email authentication in place, a difference in a letter can mislead recipients in believing they are receiving legitimate emails from you.
- Generate general security awareness. We’ve shared our own tips for spotting phishing emails but educating your customers on these warning signs benefits your campaigns as well. Besides just including disclaimers at the bottom of your emails, launching a short campaign on online security can reap long term benefits.
Email marketing is a powerful tool, and responsibility should come from your company and your employees.
Before you launch an email marketing campaign, it’s crucial that you place importance on security as a first step to making sure your emails reach your customers with the right impact. Taking some basic measures to protect your customers from email-based web attacks also means that you can focus on other aspects of your campaign, knowing its success won’t be hindered by spam filters and having your emails mistaken for spoofed phishing emails
How has security impacted your campaigns? Was it positive or negative? Share it in the comments!