The November 2018 #HITMC Twitter Chat focused on Effective Email Marketing. These chats are virtual crowd-sourced masters classes. I always come away with actionable insights that I can apply to my own work. This topic was particularly timely, as GLHC is in the process of developing a vertically targeted email marketing campaign to support lead generation in 2019.
There is a strong statistical case to be made for the value of business-to-business email marketing in Health IT. Unfortunately, that cost/benefit formula works without regard to the intent of the sender.
There are plenty of bad actors who, using social engineering, can hijack your email marketing presence. The threat this poses to customer relationships and brand reputation is severe.
I like to consider myself astute when it comes to recognizing scammers. Especially when it comes to written communication. However, I was recently reminded of how easy it is to be fooled.
A couple of weeks ago, as I was finishing a project, I received a desktop alert from Outlook. The only part of the message that I keyed into was that the email was from GLHC’s CEO.
GLHS is a small company, with a collaborative, “whatever you need” culture. So, when the “boss” asks for help, I made it first priority and responded. In my haste to be helpful, I did not notice the sender’s actual wonky email address.
It did not take this phisher long to see he had gotten a nibble. So he gave me a little more line.
At this point, you might think that I would recognize that something was a little off about this request.
After all, it would be faster and more direct for his assistant to help with this request.
Nevertheless, I did not. By this time, I was in our weekly staff meeting and again only paying partial attention. Besides, it is not unusual for me to occasionally purchase gift cards. I thought, “Maybe he thinks I have some WalMart gift cards on hand?” Regardless, I was still in “help” mode.
Here is where the phisher-man overplayed his hand, and I FINALLY realized that something was weird about this exchange.
These final instructions were SO outside the norm that it got my full attention. I caught the weird email address and called the CEO directly to confirm that the messages had not come from him.
I sheepishly admitted to my teammates that someone had tried, and nearly succeeded, to phish me. I also had our Security Team look over my laptop to assure that I had not inadvertently downloaded malware (I did not).
There were a couple of BIG takeaways for me in this experience.
The most obvious of course is that, I am just as vulnerable to this type of email scam as anyone else. Constant vigilance is the only way to avoid being taken advantage of.
But beyond the personal lesson, there are also insights into how I should construct our own email marketing campaigns to assure that the messaging delivers on the value that our brand represents, while avoiding our audiences’ spam filters. Here are a few best practices I am taking up:
- Avoid using mismatched URLs in message text
- Authenticate your email
- Create a custom branded campaign domain
- Avoid using “phishy” sounding subject lines & keywords
As both marketers and consumers, we live on the receiving end of a constant deluge of email solicitations. At the very least, that reality should make us sensitive to the good, the bad, and the ugly in this medium. If nothing else this recognition and our distaste at being spammed and phished ourselves, should be motivation to make absolutely sure we spare our prospects and customers from getting it from us. After all, the integrity of our brands is built on customer relationships. Any good relationship is based on trust, and without that trust we are as dead as a mackerel.
Add Comment