|
Number
35: January 14, 2004
If you think your friends and colleagues would enjoy this newsletter
feel free to forward it to them. If someone
sent this to you,
today. Outlook 2003 and AOL 9 users, please add us to your trusted or buddy lists, so you won't miss an issue.
This week in Katydid:
Big
Phish Tales Require Policy Updates
No, it's not the latest
movie from Tim Burton (go see it), but the latest twist in a long
tale of Internet scams. It's called 'phishing' and it's a technique
used in identity theft. You need to know about it not only because
you might be caught, but also because it could affect your customers.
'Phishing'
might sound like a new term but it's been around since the mid '90s when
hackers (phreaks back then – hackers use 'ph' more compulsively than Price-Phister)
used the term for AOL accounts they broke into the old-fashioned way –
by asking people for their account information.
This, of course, led to the ubiquitous warning from AOL to,
"Never give out your account information online. AOL will never ask
you for your password."
The modern phish hooks are spoofed e-mails from companies asking you
to update your account information. These are usually from financial
institutions, but eBay, PayPal, and online stores such as Amazon have
been spoofed as well.
It used to be easy to tell these apart from legitimate e-mails. They
had bad HTML formatting, oddly clipped graphics, and incorrect grammar.
Additionally, if you were foolish enough to click the links, the web
sites' URLs were always suspiciously long and filled with odd
characters.
Not only are the newer e-mails more sophisticated and difficult to
distinguish from legitimate e-mails, but hackers now exploit a bug in
Microsoft Explorer which allows them to show you a fake URL in the
browser's address bar. This means you can get an e-mail that looks like
it's from PayPal, which includes a link to a site that looks like
PayPal's site, and the link in the address bar will show www.paypal.com.
In reality, it's some hacker's site and he's waiting for you to come
along and give away all your personal information.
To see how it works, Secunia, a Danish security firm, has posted
a test page. Unfortunately, Microsoft has not released a patch yet
for this problem though they do offer
some advice. (Check it out for fun – at one point they actually
suggest typing JavaScript into the address bar.) Making matters worse,
the incorrect URL appears even when you roll over the link in your
browser window, and since Microsoft products like Outlook use Internet
Explorer, many common applications are affected. Of course, you could
always use another
browser.
If you have a little HTML experience, one trick is to right-click the
e-mail body and select View, Source. This will open your text editor to
show you the actual code and even a neophyte can tell if something
phishy is going on. If you're suspicious, it's always worth forwarding
the message to the real company.
You could avoid clicking any link that seems suspicious, but
companies often use e-mail to remind their customers to update expired
credit cards, or to pay their bill online. In these cases, you should
just type the company's URL into the browser yourself and access your
account information from there.
This practice, though, goes to the heart of marketing, which is
establishing trust and credibility with clients and customers. If you
provide account information online, you need to establish a policy for
contacting customers and then clearly communicate that. For example,
PayPal advises their customers that they will never ask for account
information via e-mail. Further, they remind their customers that they
will always address them by name rather than 'PayPal Member' in the body
of the e-mail.
Consider setting a policy of using plain text for critical account
announcements, or including the plain text URL in the body as an option.
(i.e., "Click this link or type the following URL into your
browser.")
Communicating your policy ahead of time will shore up your
credibility with clients and customers. It shows that you value their
trust and will do everything to protect their security. It also shows
that you're alert and proactive.
Finally, I've come across one company, Netcraft, that offers a service
to help companies track down sites that may be using their logos and
trademarks unlawfully. They also claim to be able to track occurrences
of spamming with your identity.
Whether it's your personal identity or your brand identity, you want
to make sure you're aware when others pose as you.
Top »
The
Dark Future of Marketing
Word Spy, a
web site that tracks new word usages, selected 'neuromarketing'
as the Creepiest Word of 2003. Neuromarketing is an emerging science
that uses technology such as magnetic resonance imaging (MRI) to
identify strong responses to marketing in the human brain.
The part of the brain associated with self-image activates most
strongly to marketing images that the person prefers. Marketers have
always strived for brand identification, which means to see the product
as an extension of self. Brand identity at this level causes someone to
tattoo your logo on his or her skin. A few companies, such as
Harley-Davidson and Apple have this kind of appeal.
Does this mean that we, as marketers, will eventually get inside the
heads of our customers? Are we going to be able to manipulate them into identifying with our brand, or merely harass them endlessly?
The motion picture, Minority
Report, painted a picture of the future where all marketing is
individualized. In the film, lasers scan the retinas of passers-by,
which advertising programs use to identify them and update billboards and kiosks with personalized
advertisements.
Well, science fiction is generally less about predicting the future
than it is about drawing a caricature of the present. We give away a
great deal of personal information now. Many marketing messages come
personalized. However, personalized is not the same thing as
individualized.
I don't fear a future where I am accosted walking around the mall
with messages about what would make a lovely anniversary gift for my
wife. We're experts now at avoiding advertisement and we'll only get
better. A more accurate portrayal of the future for Minority Report
would have shown nearly everyone walking around with mirrored
sunglasses.
The real impediment to individualized marketing is not the
limitations of brain science or the reach of technology. It's human
effort. It's just too much work to create all those individualized
messages. Even if you can categorize customer behavior into small
groups, it will always cost too much, take too long, or be too difficult
to create messages unique to every person. Most companies struggle to
identify one value message that resonates for most people.
However, an ideal vehicle for individualized marketing already exists
– an instrument that instantly analyzes a potential customer's behavior
and adapts value messaging appropriately. It's called a salesperson.
Top »
Thanks for Reading
This e-mail newsletter spreads mainly by word of
mouth. Please send it on to your colleagues. Also, you can
read other back issues.
If you have suggestions of web sites to review, writing that buzzes,
or a new way of looking at things, let me know. Send your suggestions to
.
If you received this newsletter from a friend, please
today. Our subscriber lists are confidential; we never sell or rent our
lists to third parties. If you want to
from this newsletter,
please let us know.
Kind regards,
Kevin Troy Darling
Top »
|
