3 Near-Death Experiences for Email Marketing
These attacks are challenging because spear phishers are smart adversaries and they operate with an insider's knowledge of how your ecosystem works. They know the roles and relationship between us, and attack one of us to get at another — whomever might be the ultimate holder of the data they're after. What’s more, they make clever but perverted use of your own best practices — relevancy and personalization — to induce you to open their email. And once you do, the malware it contains steals access credentials to your databases and deployment systems, allowing the perpetrator to hijack your own data and systems to send malicious email to your customers, partners and suppliers. This fraud exploits your good name and reputation and misappropriates your authenticated domains and IP addresses for criminal ends.
Aside from the great brand and monetary damage done to victimized companies, these attacks are dangerous because of how they’re subverting the trust relationships that underpin your ecosystem. You should all be concerned about the cumulative impact of these attacks, about how they’ll erode the trust consumers have in companies and their willingness to share the data that makes digital communication possible. You should also be concerned about the erosion of trust you have in each other, the diminished vitality of your ecosystem and your impaired individual and collective effectiveness.
Fundamentally, the preservation of trust (and your future success) depends on a safe and secure messaging environment. That’s what makes the insidious nature of these spear phishing attacks so alarming. The only thing more alarming is the inadequacy of our industry response. Sure, the OTA, ESPC and others have issued business practice guidelines and some ESPs have reached beyond their competitive differences to compare notes. But our response hasn't been commensurate to the threat. Too few have taken heed. Overall, our response has been uneven, fragmented at best.
With news of each attack there’s been much talk, hand-wringing and chest-thumping, but little definitive action. As marketers, you persist in the belief that security is someone else's problem and seem content to bury your heads in sand hoping against hope that the spear phishers will pass you by, which, of course, they won't if you've got data they want or can provide access to someone who does. They prosper at your expense, thrive on your inaction.
Will email’s third near-death experience be one from which we emerge stronger? Or will we allow the spear phishers to succeed in destroying our trust relationships and email marketing in the process? Will we commit suicide by our inaction? The answer lies largely in what we individually and collectively do from this point forward. The solution to the spear phisher threat lies in the combination of the right messaging technology and business best practices. It starts with an awareness of the threat and an abiding, sustained commitment to safe and secure messaging as a guiding principle for the future of email marketing. As marketers, that’s a principle you must embrace and champion within your respective companies and industry.
Related story: Managing Risky Client Practices and Ensuring System Security