What Phishing Can Teach Us About Email Marketing

The November 2018 #HITMC Twitter Chat focused on Effective Email Marketing. These chats are virtual, crowd-sourced master classes. I always come away with actionable insights that I can apply to my own work. This topic was particularly timely, as GLHC is in the process of developing a vertically targeted email marketing campaign to support lead generation in 2019.

There is a strong statistical case to be made for the value of business-to-business email marketing in Health IT. Unfortunately, that cost/benefit formula works without regard to the intent of the sender.

There are plenty of bad actors who, using social engineering, can hijack your email marketing presence. The threat this poses to customer relationships and brand reputation is severe.

I like to consider myself astute when it comes to recognizing scammers, especially when it comes to written communication. However, I was recently reminded of how easy it is to be fooled.

A couple of weeks ago, as I was finishing a project, I received a desktop alert from Outlook. The only part of the message that I keyed into was that the email was from GLHC’s CEO.

GLHC is a small company, with a collaborative, “whatever you need” culture. So, when the “boss” asked for help, I made it my first priority and responded. In my haste to be helpful, I did not notice the sender’s actual wonky email address.



It did not take this phisher long to see he had gotten a nibble. So he gave me a little more line.


At this point, you might think that I would recognize that something was a little off about this request.

After all, it would be faster and more direct for his assistant to help with this request.

Nevertheless, I did not. By this time, I was in our weekly staff meeting and again only paying partial attention. Besides, it is not unusual for me to occasionally purchase gift cards. I thought, “Maybe he thinks I have some WalMart gift cards on hand?” Regardless, I was still in “help” mode.


Here is where the phisher-man overplayed his hand, and I FINALLY realized that something was weird about this exchange.


These final instructions were SO outside the norm that it got my full attention. I caught the weird email address and called the CEO directly to confirm that the messages had not come from him.

I sheepishly admitted to my teammates that someone had tried to phish me, and nearly succeeded. I also had our Security Team look over my laptop to ensure that I had not inadvertently downloaded malware (I had not).

There were a couple of BIG takeaways for me in this experience.

The most obvious, of course, is that I am just as vulnerable to this type of email scam as anyone else. Constant vigilance is the only way to avoid being taken advantage of.

But beyond the personal lesson, there are also insights into how I should construct our own email marketing campaigns to ensure that the messaging delivers on the value that our brand represents, while avoiding our audiences’ spam filters. Here are a few best practices I am taking up:

  1. Avoid using mismatched URLs in message text
  2. Authenticate your email
  3. Create a custom branded campaign domain
  4. Avoid using “phishy” sounding subject lines & keywords

As both marketers and consumers, we live on the receiving end of a constant deluge of email solicitations. At the very least, that reality should make us sensitive to the good, the bad, and the ugly in this medium. If nothing else, this recognition, and our distaste at being spammed and phished ourselves, should be motivation to make absolutely sure we spare our prospects and customers from getting it from us. After all, the integrity of our brands is built on customer relationships. Any good relationship is based on trust, and without that trust we are as dead as a mackerel.

About the author

Brian Mack

Brian Mack is the Manager of Marketing & Communications for Great Lakes Health Connect (GLHC), Michigan’s leading health information exchange. He is a healthcare marketing strategist, with over 25 years of experience in various practice areas including Health IT, Long Term and Post-Acute Care, Family Medicine, and Managed Care. Mack joined GLHC in 2014, and is tasked with the development and implementation of marketing strategy including brand management, public & community relations, corporate communications, and social media curation & engagement. Brian is active in the #HITMC and #HITSM communities, has been listed among the #HIT100, and was named a HIMSS Social Media Ambassador for 2018 and 2019.
