We received a question recently from one of our readers:
I work in a financial services firm where most of us agree that links are common in emails, but our Security group believes the best policy is to tell clients not to click links in emails. How can we continue to market to clients via email, including links to offer pages, our site, etc, but also help educate our clients about email security?
If you work in the financial sector, your clients may see a great deal of phishing email. These are emails sent under the guise of your company’s brand, requesting private and sensitive data about an individual’s account.
Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. – The United States Computer Emergency Readiness Team (USCERT)
USCERT gives helpful hints on how to educate your clients about what to look out for. You may want to pass this information on to your clients when they first opt in, as well as periodically throughout your marketing program:
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Don’t send sensitive information over the Internet before checking a web site’s security.
- Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org/phishing_archive.html).
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
Educating your clients on what to expect from your company or organization, as well as what to be on the lookout for, will allow you to prevent phishing scams from succeeding.
In addition, if you are including email marketing as a part of your marketing plan, it’s important to keep best practices in mind. Whether or not you are a financial institution, it’s important to engage your audience and to analyze your campaign’s performance, which can be very difficult if there isn’t any click-through activity available. Depending on your business objectives, you may also be able to include a statement about your own email marketing campaigns saying that you will not require personal information and that your links take subscribers to a public location.
Bottom line: if you reinforce what your subscribers opted in for, including content details and frequency, they will know what to expect. That, coupled with educating clients on what to avoid, will create subscribers who understand what’s safe to click and what isn’t.
If your institution is adamantly against your using links within your email campaigns, consider sending your subscribers notifications of upcoming promotions and inserting those promotions into their account portal. While not ideal, it could be a compromise that is worth testing.
Sally Lowery
Director of Lead Acquisition at Bronto