Horsemeat found in email marketing?

Last month, the Lord Nelson pub in Southwark started selling horse burgers. Yep - bona fide 100% horse. No beef. No bull. As well as providing an unusual spin on the food scandal, it also inspired a CNN reporter to see if she could tell the difference between the gourmet horse burger and a beef burger. Plates “one” and “two” were brought to her, and the discerning food critic, erm – Burgerac, then set about trying to tell which was which. They looked identical. Both delicious. Both appetising. Actually she guessed correctly – the horse burger was more “gamey”. But it wasn’t immediately obvious, and having the “real burger” for comparison surely helped.

Phishing – the horsemeat of email marketing
But, what’s that got to do with email marketing? Well, not much, but there’s a nice analogy between this and the regular “spot-the-difference” task that consumers face when receiving emails from brands they trust: telling the difference between genuine marketing communications and phishing attempts. And just as the horsemeat scandal has turned out to be more widespread than an isolated incident in a Tesco lasagne, you might also be surprised at just how prevalent phishing is. One article I read suggested that 70% of internet users have received a phishing email and 15% have been duped into providing personal information. In 2012, phishing was a $1bn industry.

As tech-savvy marketers, we probably find it hard to believe that so many people would part with their bank details to collect their inheritance from an unknown relative in Nigeria. But just as email marketing has improved in sophistication, so too have the phishermen. Nowadays, email marketers could even learn a few best practices from these phishing emails. I still get emails from brands that don’t use a regular “from” name, whose subject lines look spammy or whose personalisation attempts go wrong.

Spot the difference between a phishing and genuine email
So here’s a quick quiz for you. I received two emails from PayPal, one via outlook and one via Yahoo – which is the phishing attempt? You’ve got five seconds to decide. A or B?

A B

Well, when you look closely, and have a real “beef” email to compare it to, it’s quite obvious, that A is the phishing attempt but it’s a pretty smart attempt. The format has been mirrored exactly, the “from address” has been made to look genuine. The urls also look kosher eg paypal.com/help, but when you hover it, you can see the link actually directs you to a site in Russia. You can see why someone might easily click for help, to ask about this erroneous transaction.

And here’s another one from LinkedIn – what do you think? Horse or beef?

100% horse, of course. But this message is identical to the multiple reminders that arrive in our inbox. It is perhaps only the schoolboy error of including multiple recipients that points to phishing.

How to spot a phishing email
The basic tips on ways to spot phishing attempts are obvious. If the email message is telling you to do something such as 'update your details here' then be suspicious - normally your bank will tell you the complete opposite - that they will never ask you for your personal information via email. In terms of more subtle phishing attempts with malicious links, check that the “from name” email address is genuine and not just a label, and check what the url says when you hover over it. Also watch out for “typosquatting” eg links with misspellings like “micosoft.com”

How to stop genuine emails from looking like phishing ones
When tracking urls are added to email, you can also see how the consumer might become even more confused. What’s the difference between a malicious url and a tracking url from a customer perspective? Both will look like gobbledegook. This is why marketers also need to get smarter about adding CNAMES to their tracking. A CNAME allows you to associate one domain name with another, and is your way of telling the world via Domain Name System (DNS) that the tracker domain is authorised to handle clicks on your behalf. Only the legitimate owner of the sending domain's DNS records can do this.

As well as being clearer for the consumer when they “hover”, mail clients are also more likely to automatically display images inline. Outlook is far less likely to flag the message as a phishing alert and email messages are more likely to end up in the recipient's inbox instead of being mistakenly redirected to their Spam folder. By including a CNAME in your email tracking, whether in newsletters or in employee emails, you will be doing both yourselves and your clients a favour and they won’t have to wonder if it is horsemeat or prime beef they are looking at.

Fiona Robson, Managing Director, Rocketseed