Showing posts with label Phishing. Show all posts

Thursday, December 13, 2007

The Personal Touch: What NOT to Do

During this time of the year, several companies are sending their customers a personalized greeting, thanking them for their business and looking forward to a continued relationship with them in 2008. This is absolutely something you should do.

However, here are two blunders I've seen companies make over the past week regarding these holiday messages. The names have been changed to protect the innocent.


Don't Use Signatures in Email - I received an email today from the CEO of a Hotel chain that I frequent. The letter was very nice, but their blunder was including an image of the CEO's signature in the email. Today, many Phishers are picking up these signature images and using them in their fraudulent emails to add an air of legitimacy. Don't make the job of these phishers any easier by giving them these images to dupe your customers with.

Target the Customer by Preferred Channel - Last week, a company that provides me a monthly service sent me a direct mail letter, again thanking me for my business, and also including a coupon for a free service from them to redeem when I mail in my next payment.
The only problem is I don't mail in my payments; I pay my bill online. I have for several years now. Even worse, there was no way to redeem the coupon online. To date, I have not received an email with this same offer, so it's safe to assume I won't be using this coupon because the company did not target me with my preferred channel.
If you're a retailer with a catalog and email buyers, target these buyers based on their preferred channel. Of course, you want to convert catalog buyers to become online or email buyers, but don't force them if they don't want to go. Instead, continue to speak to them in their preferred channel, while gently nudging them to try your online channels as well.

Friday, November 16, 2007

Phish on Friday: Free Gift?

MySpace has been in the news recently thanks to an identity-stealing virus masquerading as a $500 Macy’s gift card.

The scam targets younger users through an email that appears to be from one of their MySpace friends. The embedded link redirects the recipient to a fake MySpace log-in where they are asked to re-enter their username and password. The phisher then takes this information to scam their friends with excessive SPAM, without the user even realizing. There are believed to be thousands affected by this scam – which has now been corrected, according to MySpace representatives.

As mentioned in yesterday’s article, the lesson here is to be cognizant of the information put on the channel and to make sure your web safety best practices are applied through this channel as well as online.

Happy Friday!

Thursday, November 15, 2007

Spear Phishing

Scammers are becoming increasingly sophisticated; yes, there are those who still pump out the countless faux-prescription drug offers, but some have taken a smarter approach. In a recent ComputerWorld article, Barbara Darrow explored the realm of C-level attackers – the snipers in the SPAM game.

In the article, Darrow explains how Spammers collect company and personal information on upper management – it’s a combination of data from your website and investor relations info combined with personal information from social sites like LinkedIn. These C-Spammers then create an email that appears to be from the target’s direct report, colleague etc. The goal is to make the message appear to be from someone legitimate, so that the target will open and (unknowingly) deploy the virus/worm via the included attachment.

According to Darrow, these attacks are on the rise for three reasons:
1) Execs are reading their own emails – rather than depending on an administrative assistant.
2) Emails are often being checked via a hand-held device, which is less secure.
3) Social sites are on the rise, and there are more details out there than ever before.

To combat these attacks, you must first know they exist. Other steps include strengthening network security (i.e., use the VPN or integrated portal to access the network). Finally, be wary of social networking; you can participate (and benefit) without giving away everything.

Wednesday, October 3, 2007

Web 2.0 Dangers

Computerworld published an article today warning of the dangers to corporate security as a result of social networking…

I’ve lived the big-brother, mega-company life; I know that you can be tracked online and that IT can impose the most rigid restrictions; however, as eMarketers, we are tasked with the responsibility of engaging our customer/prospect base (therefore giving those IT guys something to restrict). So how do you ride the wave of Web 2.0 with a huge IT cinderblock strapped to your ankle?

The tone of the Computerworld article seems to suggest that tighter controls are the answer. I disagree; my belief is that your customers and prospects will benefit if you educate them… but be subtle and make sure you’re offering killer service. This will help you benefit too.

It’s not all Bad
While I agree that the line between personal and professional online interaction (I’ve been guilty too) is blurred, closing shop is not the answer. Just figure out ways to co-exist.

If you accept online payments or eBanking, highlight points from your privacy/ security policy or tips that show you value the relationship and keep users safe. This could also apply to the links you provide (on your site) to any of your Web 2.0 ventures.

Above all, keep the user in mind… my parents’ generation didn’t have computers in school (my grandmother isn’t even sure what email is…) but everything has evolved. Today’s IT team may be forced to allow Web 2.0 ventures because that’s what the public expects and demands… closing up shop isn’t the answer.

Tuesday, October 2, 2007

Anti-Phishing Phil

Not exactly our Phil (the Cable Guy) but equally as informative – Carnegie Mellon University’s (CMU) Privacy and Security Laboratory has devised an online game to help raise awareness about phishing attacks.

The game, called Anti-Phishing Phil, features a cartoon fish named Phil, who swims around and is tested by eating or declining legitimate looking worms (websites). The whole time he has to beat the clock, avoid other scaly foes and the deadly hook.

The game is cute as well as informative; users are tested using real website addresses for banking and retail companies. Each section has a nice introduction that warns Phil of potential hazards – give it a try, they’re raffling off Amazon.com gift cards and it’s an opportunity to play video games at work!

Read more on the ComputerWorld site for more information on the drawing.

Monday, October 1, 2007

Catch of the Day

Online fraud is nothing new; it is however becoming faster, reaching wider and becoming an extremely effective way to swindle. With the increasing reliance on the internet and importance of email, fraudsters have been taking advantage of people and circumstances. Phishing and pharming are not new terms – as marketers we have to learn to deal with these, not only for our sake, but for the many people that we market to. Keep in mind the amount of time it takes to build up customer trust, and when you do build that trust up – one click could shatter everything.

The next three days will be devoted to online fraud and some scenarios. We will also offer you some best practices on how to help circumvent the impact of these instances.

Phished
A hurricane strikes the coast leaving behind millions of dollars worth of damage and thousands of homeless people. You wish you could do something to help. Then you check your email. It’s as though someone read your mind – there in your inbox is a request for donations through a very well-known and highly reputable charity; a picture of a family in front of their demolished home stares back at you as you type in your credit card number. The hurricane was real but the charity was impersonated.

You’ve been phished
The above scenario actually took place during Katrina; it still takes place every single day. I put my house up on the market and was surprised to find that the 'unique' email ID that I used has suddenly popped up at a number of different places. If the phisher was smart, they would take the time to send me one offer, and try to be persistent. Instead, they are trying to get me to open one of about 30 emails that I receive every single day.

Friday, September 28, 2007

Phish on Friday: ePhish on eBay

How long is too long when responding to a phishing threat? eBay is taking a bit of heat for waiting approximately an hour after a fraudster began posting the confidential data on their site.

Yesterday’s ComputerWorld article reports that over 1,200 members had confidential information listed, including credit card numbers. eBay believes that the data was falsified to cause public concern and has contacted all affected users via telephone. According to an eBay spokesperson, the company shuts down more than two-thirds of phishing spoof sites within 24 hours.

Here are a couple points to avoid potential problems:

CUSTOMERS

  • Be wary of online activity – be certain that your information is accurate (email, phone etc.) so that companies can reach you if necessary.
  • Also be mindful of phishing scams as well as how to avoid falling victim.

VENDORS

  • Realize that there is no silver bullet to stop phishing – just be prepared for how to act when it occurs. BUILD A PLAN!
  • There are third party organizations that focus on protecting companies against phishing; research and collaborate if you’re not ready to devote internal resources.
  • Read best-practices and the latest in the trends to help avoid possible phishing scams.

Friday, September 7, 2007

Parisian Twin to host SIA!

I received an interesting call from Diner’s Club yesterday asking me to validate some of my credit card transactions – some were mine, some were not.

From what I’ve learned, my number was stolen, a duplicate card made and then tested with a few small transactions. This duplicate card was sold to someone who tried to use it at a hotel in Paris; well the gendarmes (French Police) swept in and arrested the crook.

Since my call yesterday, I’ve spent a lot of time trying to figure out how my number was procured, and it seems that a Chicago-based merchant made an imprint with a pocket card scanner. According to Diner’s Club, a number of similar instances have resulted from this particular merchant (real owners using their card there).

In total, I spoke to six Diner’s reps, ironically the first five had no idea about the actual issue; however, when I did get to the right person, they made amends and gave me some points to lessen the inconvenience. In addition, he used a bit of ingenuity to sign me up to receive the Diner's newsletter along with email alerts if this should ever occur again. I was very impressed and wanted to pass along to anyone with a call center – spend the bucks, train the center and get them in the email marketing game – you can only win.

Unfortunately, I’ve been unable to get any additional information on the person who bought my phony card – I was hoping to invite them to this month’s SIA call (September 28), to get their take on the holiday communications focus. We’re planning to highlight some of the great things you all have been doing, share effective campaign ideas to help you get closer to your customers and prospects, increase email id collection and share some social media avenues to help with marketing – YouTube, MySpace, Blogs, Twitter and custom games.

Retailers, catalogers, banks, credit unions, not for profits, travel and entertainment companies alike can leverage the upcoming season to drive effective email communication. So in conclusion, I have a couple parting points:

  1. Monitor your credit card statements closely

  2. Mark your calendar for the next SIA Call – September 28, at 2:00 PM EST

Thursday, August 2, 2007

DOH !

Unless you’ve been on another planet for the last 18 years, you’ve heard of The Simpsons; it’s one of the shows I typically watch each evening while trying to wind down (thanks Fox!)

But there’s more than a big movie premiere for the Springfield-ians, they’ve sparked retro SPAM campaigns – my guess is that Robert Terwilliger (AKA Sideshow Bob) isn’t behind these, mainly because the SPAM emails aren’t plotted toward world (or financial) domination – at least on the surface. This scam is like some of the original SPAM games, where the recipient’s email address is validated when he/she clicks in the message, opening them up to additional SPAM. I’m guessing Homer is the culprit, since his website outing other townspeople was shut down. Maggie – pull the ISP connection, please!

Read more on the ComputerWorld site; and go for the Strawberry Frosted at Dunkin' Donuts, they're the closest to the now iconic treat (and taste great)!

Friday, July 27, 2007

Phish on Friday? (Précis or Phish?)

Test your phish-finding tactics: the fine folks at Digital Inspiration have put together a ten-question quiz to see how adept you are at spotting fake websites and spam emails. This blogger passed, will you?

The Q&A includes some sites that I use fairly regularly – my bank and Amazon. Thankfully, I got those right; I would have been in trouble if I had a PayPal account!

Test your knowledge and let me know how well you do. Happy Testing!