I’ve written about ransomware attacks quite a bit in the last few months. IT companies want to educate their corporate clients about the latest and most dangerous cyber threats, and ransomware is often at the top of the list.
Here’s how a ransomware attack typically works. A hacker will send a phishing email with a malicious link or attachment. When the link is clicked or the attachment is opened, malware is automatically downloaded to the victim’s computer or mobile device.
This malware will encrypt or block access to the user’s information systems and data. The hacker will then offer to decrypt or restore access in exchange for what amounts to a ransom payment.
In some cases, the ransom demand is just a diversion while the hacker goes through the corporate network undetected and steals sensitive data. It’s scary stuff.
Although a hacker can’t be trusted to live up to their end of the deal, ransoms are often paid. The cost of the ransom is typically far less than lost revenue and costs associated with investigating the breach, notifying all affected parties, dealing with a public relations nightmare, and losing the trust of customers, vendors and business partners.
That’s a big reason why the number of ransomware attacks doubled or tripled each quarter in 2016, according to an Osterman Research report.
A Ransomware Hacker’s Most Valuable Skill
When most people think of a hacker, they think of a computer nerd sitting in their parents’ basement with their nose six inches from the monitor, trying to figure out how to break into a network and get their hands on valuable information.
But when it comes to ransomware attacks, the hacker doesn’t spend hours writing code or trying to crack passwords. They typically use malware developed by someone else and just plug it into the link or attachment.
It’s not about being a technical genius. Because most of these attacks require the recipient to take action, the hacker’s most valuable skill is the ability to convince people to click the link or open the attachment and then pay the ransom.
How Hackers Get People to Click and Pay
Although some email scams are laughably obvious, most are more sophisticated than those that claim a distant uncle in Zimbabwe wants to wire you $5 million.
A hacker will find out what department within a company should be targeted. They may go as far as to find out which individuals in that department should be targeted. They may use social media to find out about the victim’s family, interests and professional background.
After the hacker finds out what makes the targeted victim tick and click, they work to earn their trust.
They make sure the email’s headline and content are believable and compelling. They use logos, visuals and a brand voice that are consistent with the organization they’re impersonating. They often create a value proposition or offer incentives that seem perfectly reasonable.
Once a victim is hooked and malware has been downloaded, things can get dicey. Scare tactics and intimidation are all too common. But some hackers will pose as IT support who can help you restore your files, as if they’re riding in on a white horse to save the day. They keep trying to earn your trust so you’ll take the desired action.
Does any of this sound familiar? Isn’t this what all email marketers should be doing, but in an authentic, non-criminal way?
Research. Earn Trust. Be Helpful. Solve a Problem.
Hackers are going to great lengths to use email to deceive people and commit crimes. We as marketers should work just as hard to use email to help people, earn their trust, and earn their business.
Sad thing is, many legitimate emails I receive, even from major brands, are less compelling than the scams. Headlines are vague and say nothing to spark my interest. The value proposition is weak or non-existent. The offer is the same. Every. Time.
If I get another “buy one get one half off plus 15 percent off” from Famous Footwear, or “20 percent off clearance items” from MLB Shop, I may just lose it.
Cyber criminals are scumbags. But they’ve been doing their marketing homework, and a lot of businesses could learn a thing or two from their approach, which is often consistent with basic, tried-and-true marketing principles.
Email marketers should:
- Research the target audience and segment email lists.
- Make the email look and sound believable, trustworthy and consistent with your brand. If you have to try too hard to be authentic, you’re probably doing it wrong.
- Write a headline that quickly and powerfully conveys how the recipient will benefit from opening the email. Set expectations.
- Write content that quickly and powerfully conveys how a problem will be solved if the recipient takes action. Establish the value proposition and preview the outcome.
- Use content and visuals that are relevant to your target audience and reinforce the company voice.
- After the user clicks, deliver an experience worthy of their time and a product or service worthy of their investment.
First, take it a priority to educate your staff about spotting suspicious emails, develop a policy for preventing and responding to ransomware attacks, and deploy antimalware that detects malicious links and attachments.
I’m using ransomware in this context to make a point about email marketing, but businesses and regular people like you and me need to take it seriously from a security standpoint.
Second, if you expect your email marketing to grab the attention of device-juggling multi-taskers and deliver the ROI it’s capable of delivering, you have to do more than say it and spray it.
Approach email marketing, and any type of marketing for that matter, thoughtfully and strategically with sound marketing principles and the needs of your target audience in mind.