With 2018 now upon us, many companies will be making new moves and trying new marketing strategies, but email marketing will still play a vital role. Unfortunately, this also means that email fraud will still be with us throughout the new year. To be effective, email marketers will have to understand this problem and know the best ways to mitigate it.
What will they be up against in 2018?
Spam: imitation marketing
Just as the spam in a can is an inexpensive substitute for more recognizable lunchmeats, spam emails – unwanted and often poorly composed messages – are a cheap facsimile for legitimate email marketing that seeks to convert by pursuing quantity over quality. Speaking of quantity, according to Cisco Talos, spam comprised 85% of all email messages sent across the globe last November. With legit marketing emails vastly outnumbered by spam, the very consumers you’re trying to reach may think your messages are just another spam email, and delete it.
Instead of trying to beat the spammers by resorting to their tactics, like obtaining lists of valid email addresses from trawling online message forums or buying them from other spammers, marketers should only send email to those who’ve opted in (e.g. by submitting their email address on your website, or checking a box to receive email notifications when placing an order on your site).
Spoofing
When pure volume doesn’t work, dishonesty can give senders an edge, and that’s where “spoofing” comes in. Spoofing refers to the ways an email can be made to look like it has come from a legit, known, and trusted source when it has in fact been sent by a fraudster.
Emails offer many fields that can be tinkered with to fool the recipient. Two of them are in the sender’s address: the account name (the part before the “@”) and the domain name (the part that comes after the “@” and usually ends in “.com”). For example, if your company is called “Jim’s Jumpsuits”, and your website address is: www.jimsjumpsuits.com, a spoofed email might have a sending domain of jimjumpsuits.com, jumpsuitsbyjim.com, or even the actual domain of “jimsjumpsuits.com”.
A legitimate-ish sending address makes the email seem more legit, and thus more likely to be opened, and any links inside it to be clicked, including links which ask the victim for info such as their credit card number, expiration data, and security code. This is one way fraudsters steal credit card info which they then use to commit ecommerce fraud. Although there certainly are vendors which provide ecommerce fraud prevention to the merchants, a customer’s best protection is diligence.
To counter this forgery, email marketers should use a custom “from” address which is used in all email communications with consumers. This way, the recipients will become familiar with the legit name, and thus more likely to screen out spoofed emails and open yours. To make this even more effective, use your existing points of contact with your customers (such as your company webpage and email receipts of orders they’ve placed) to educate them about this official address. A message often repeated, often sticks.
Gone phishing
While email spam may be the scattershot Hail Mary pass of shady outfits, “phishing” is the targeted baiting of a target by a patient scammer. Phishing emails not only spoof the sending domain and address, but also the logos, branding, font, color scheme and other visual messaging of a brand in order to trick the recipient into opening the email (often with an urgent-sounding subject line) and clicking a link in the message which leads to a webpage controlled by the fraudster, one where the victim is tricked into entering in personal info like account passwords, PINs, and other data. Since phishing emails are such convincing fakes and can yield such sensitive information, they’re the tool of choice when hackers want to steal an identity or infiltrate a corporate network.
Here’s how you can counter. First, educate your customers on what to look for in all suspicious emails (like a match between a link’s text and the destination URL it leads to) and train them to go to the company’s actual address by typing it in their browser. Since phishing attacks often exploit the “web of trust” between you and your suppliers and partners, push them to use stronger security measures like stronger passwords and two-factor authentication.
Although spam, spoofing, and phishing aren’t new strategies, the tactics fraudsters are using to accomplish them are constantly evolving. By taking proactive steps like customer education, you can both make your customers more likely to engage with your messaging, and less likely to fall victim to the scammers.
About the author: Benjamin is a seasoned writer and technology enthusiast. He has written various articles on the topic of cybersecurity, e-commerce, and customer experience solutions and continues to research the latest state-of-the-art digital tools. In his spare time, Benjamin enjoys reading finance magazines and outdoor sporting activities.