South Africa is the most phished country out of the top 10 geographies surveyed in the latest Symantec Internet Threats Report 2014.

Brands that have been the target of phishing attacks can no longer opt to do nothing. If you represent an organization that has between 250 and 2500 employees, you have to implement strategic and tactical programs to educate and safeguard your customers. You can either:

1. Tell your customers you will never send emails with links, OR
2. Educate your customers as to what your branded emails will always include and will never include.

You may never send links in your emails, but your competitors, companies in other sectors and criminals will continue to do so. This means consumers are familiar with and even expect click-throughs in emails.

Unless your customers are constantly mindful of your “no link” approach, they are likely to click on a link when they receive a branded email that contains one, simply because they haven’t been educated as to how to differentiate between a legitimate email from your brand and a phishing email.

If you fail to educate your customers about protecting themselves in general, some will click out of pure ignorance or forgetfulness, and the click is as likely to be on an email spoofing your brand as on one spoofing any other brand. You therefore cannot truly expect your shared consumers to never click on links in supplier emails just because one supplier has taken a “no links” stance.

It’s likely your competitors are using links to leverage the power of email, so excluding links from your emails limits your marketing efforts and leaves you at a major disadvantage:

  • You are limited to merely presenting your brand in an email – having no links precludes you from presenting marketing offers across all your valuable email traffic, or from encouraging website visits to leverage your online services and reduce call centre traffic.
  • You lose the opportunity to open a dialogue with your customer – without email prompting interaction, you are missing valuable feedback opportunities.
  • You can’t measure the success of your various email initiatives – whether marketing, transactional or operational emails, no clicking means no activity tracking and no insight into what works. You also cannot measure Return on Investment on a specific email offer.
  • You are not able to encourage your customers to self-serve by providing links to online services, FAQs and instant chat support.

As an example, PayPal includes a very clear and definitive footer in their emails – see below:

How do I know this is not a fake email?

An email really coming from PayPal will address you by your first and last names or your business name. It will not ask you for sensitive information like your password, bank account or credit card details. Most fake emails threaten that your account will be in jeopardy if you do not take action immediately. An email that urgently requests you to supply sensitive personal information is usually an attempt at fraud. Also, fake emails often contain misspellings and grammatical errors or are written in a language which you did not set as preferred for your PayPal account. Remember not to click any links in suspicious looking emails.

Click here to learn how to defend yourself against phishing and spoofing.

If all brands stick to this formula when sending email, eventually broadcast phishing will die out and we can all start tackling the next wave of cyber-criminal innovation.

For now we can help you take the necessary steps to safeguard your customers against phishing attacks.