You probably know what phishing is: an attempt to impersonate a legitimate website in order to trick you into revealing account information through an email that asks you to log into your account. The way it asks is the trick: it asks you to click on a button in the email to launch the website and log in. But when you click on that button, you are taken not to the actual website, but to the phisher’s site, where they happily collect your ID and password.
That ID and password might be valuable all by themselves, depending on which website the phisher was impersonating. But even if it was a seemingly innocuous site, you might be giving valuable information to the phisher:
- Do you use the same password on multiple sites, even banking sites?
- If your ID is your email address, that can help phishers crack other, more valuable sites.
Now, I know this is a marketing site, so you might be asking, “What does this have to do with marketing?” Plenty. The way marketers send out their marketing emails is what gives phishers their opening.
Take a look at this email:
I don’t know if it is from eBay or not. I didn’t press the button to find out. And I didn’t bother to contact eBay to find out if it was from them or not. All I did was go to eBay directly (without pushing the button) to see what they needed me to do. I didn’t really see anything there. So, this email might be from a phisher.
If it is from a phisher, it is well done, which is exactly why we all need to be teaching our customers to be very wary of clicking these kinds of emails. If this email is actually from eBay, then it is “safe,” but it is a terrible idea for a few reasons:
- You are expecting your customers to click on buttons in your emails to log on, exactly what we are trying to teach them not to do.
- You are doing this in the guise of protecting their account, which is even dumber.
- You are giving phishers a great target by sending emails like this. If you succeed in teaching your customers to click on emails like this, phishers will copy your emails and hijinks ensue.
I want to be very clear that I have no idea if eBay is guilty of making this error. But I know that marketers are still sending emails like this every day. Stop! Only when customers get the idea that none of these emails are ever a good idea to click on will phishers need to find a better way to steal our credentials.