With so much of our business and personal lives happening online, it’s no surprise that phishing has become more prevalent in today’s culture. Email users are particularly at risk for being taken advantage of because email addresses are an easy data target for scammers.
The prevalence of these attacks is higher than ever and running these schemes has become a sophisticated practice. The key to running a successful phishing scam is creating a copycat of a secure website that can fool even the most alert and informed visitor. Fraudsters often use similar links or URLs that would easily go unnoticed and have gotten exceedingly good at scamming email subscribers by mimicking brands, down to the design and logo. Without a watchful eye, it’s easy to be tricked by these emails and websites into sharing personal information, such as credit card details or passwords.
Once you enter your username and password on a fake website, it’s hard to stop what comes next. Here are ways to prevent being scammed in the first place:
ALWAYS check the website first. There are two telltale signs of fishy behavior. The first is that scammers try to obscure the actual domain portion of the URL (aka anything preceding .com, .net, etc.). Anything that comes before the domain, such as signin.website.com, is a subdomain; but beware of links like website.signin.com.
The second red flag is that scammers will often try to direct you to unsecure websites. The “s” in https://www.responsegenius.com means that the website is secure; these sites are the safest for browsing, purchasing, and sharing login credentials. To be safe, you’re better off avoiding unsecure websites whenever possible – even if you know they are real.
Avoid emails and links from people you don’t know – and remain skeptical of those from ones you do. Stranger danger is something you’ve heard thousands of times but it’s always worth repeating. Clicking random links or opening emails from people you don’t know could quickly direct you to a malware-hosting site or another fraudulent scheme.
Scammers are adept at mimicking everyday people and institutions you come in contact with, including your bank, cloud-sharing and storage services, and more. It’s important to remember that all reputable organizations would never ask for sensitive information via email, and often employ multiple layers of authentication to access your records. If you are concerned one of these institutions is really trying to get in touch with you, avoid the link and login to the service directly on their secure site or app.
Look for weird language. Thanks to email personalization, very few brands send generic emails anymore. Beware of emails – especially from brands and institutions you do business with – that address you as “dear”, “sir/madam”, or simply say “hi” or “hello there.”
Scammers will also employ strong call to actions by using words and phrases like “urgent” or “act now.” No company that you do business with, especially those that hold sensitive information, will have you take action via email (beyond actions like verifying an email address or account settings).
Take every precaution with your credentials. There are four key practices for making sure your login information doesn’t end up in the hands of the wrong person:
- Change passwords frequently
- Don’t use identifiable information – such as name or birthdate – in your password
- Use a password manager for easy sign-in on secure site
- Avoid sharing your credentials with anyone, even people you know
The lesson for email marketers is to avoid any suspicious email design or strategies that give the impression that your legitimate marketing campaigns could compromise your recipient’s sensitive data. Always use email best practices and website safety. If it looks suspicious, your recipients will probably think it is and ignore it. Email marketing can be tough enough, don’t give anyone any reason to distrust yours.
Let ResponseGenius help take your email marketing to the next level – hello@responsegenius.com
