▷ Phishing and spam in times of the corona virus

Shops and restaurants closed, hotels empty, the coronavirus pandemic has practically paralyzed France in recent weeks, and many small and medium-sized businesses find themselves in a dangerously precarious situation…

But necessity is the mother of invention, as we all know, and many entrepreneurs have taken their business to the Internet, where there are no viruses that harm the human body. And customers transfer their purchases to the Internet even when the shop doors are closed. This has consequences: According to e-mail providers, e-mail use has increased sharply since the beginning of the Corona crisis, as have purchase e-mails…

In principle, this development is not a problem, but cybercriminals are exploiting the current situation by abusing the trust of recipients and contacting them using phishing technology.

The Federation of German Consumer Organizations recently warned of a phishing e-mail that would come from the Sparkasse. Customers were supposed to provide personal data via a link, which then immediately reached the scammers. Hackers take advantage of the fact that, due to the corona pandemic, more and more customer relationships are being maintained via email, the recipients accept this and may not be careful enough.

This is annoying for the recipients of these e-mails and, in the worst case, can cost them a lot of money. The high volume of these e-mails can therefore also have consequences for reputable e-mail senders if phishing e-mails are sent on their behalf, as in the case mentioned above.

A second problem is spam. E-mails with dubious offers, such as respiratory masks or disinfectants, exploit the recipient’s fear for their own purposes. Even spam emails in the name of the World Health Organization (WHO) have been sent. E-mail providers have also recognized this and are enforcing their spam guidelines even more rigorously.

And something else that is very important for senders: once they have landed in a recipient’s spam inbox, they no longer reach the same recipient’s inbox. In this context, it is therefore particularly important that senders conscientiously comply with certain rules in order to guarantee the deliverability of their e-mails.

Small and medium-sized companies in particular, which have shifted their business activities to the Internet in the face of the crisis and are now increasingly sending e-mails, often do not know how they can protect themselves against the risk of their names being manipulated in the event of attacks, through phishing and against the loss of their good reputation .

The Certified Senders Alliance (CSA), a whitelisting project of the German E-Commerce Association eco eV in cooperation with the German Marketing Dialogue Association DDV, has set itself the goal of improving the quality of e-mails in order to improve deliverability increase and protect the reputation of senders .

CSA experts recommend that companies adhere to the following five basic principles to protect their identities on the network and ensure that their emails reach the recipient’s inbox now and in the future.

Only use quality addresses

Only include in your mailing list the addresses of contacts you have legally generated, who you know want to receive your information, and whose consent you can demonstrate at any time. This not only gives you legal certainty, but also protects your reputation and creates trust among your customers.

A small mailing list with quality addresses is better than a large mailing list with addresses from dubious sources.

In any case, use the double opt-in procedure. If in doubt, you must always be able to clearly demonstrate that you have the consent of anyone you emailed. And with Double-Opt-In (DOI) you are on the safe side.

Take care of your professional image

Pay attention to the quality of the image and wording in your e-mails. Pixelated images or buttons or even an insignificant message subject leave a negative overall impression. Make absolutely sure that all links in your email work and respect the “rules of the game”: each link must reflect the advertised information. Make sure that your overall appearance inspires trust and is not limited to what is required by law.

Speak openly

Be honest, even when it comes to getting new subscribers to your newsletter. Say what you want, in clear and understandable terms, do not “hide” your advertising permission request. The recipient notices this at the latest when he receives a newsletter that he did not consciously request and then unsubscribes in annoyance or, even worse, the spam stain in his mailbox.

Create a reference for the recipient to know why you are communicating with them and on what basis. Set clear expectations for the recipient by choosing a subject that also reflects the content of the email. And if possible, address the recipient personally.

Don’t be “pirate”

Protect yourself and your brand from the risk of being illegally used for phishing purposes with authentication. When sending your emails, use the Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) standards.

With the help of DMARC, (SPF) and (DKIM), you have the option of making your emails uniquely recognizable for an email provider and at the same time specifying how they should handle emails that are supposed to come from you . In this way, phishing emails can be reliably detected and filtered before they reach the recipient and possibly harm your customer.

Go to partner search

Ever heard of terms like SPF, DKIM, and DMARC? Have you only sent individual e-mails so far, but would you like to expand your e-mail communication in the current situation? Bulk mailing requires compliance with extensive standards for transactional emails (e.g. invoices, order confirmations, etc.) and newsletters. The CSA has summarized the required technical and legal standards in the CSA criteria.

Are you considering having your emails sent via an email service provider? CSA-certified shippers undertake to meet the CSA criteria and thus meet a very high standard. For certified senders, see https://certified-senders.org/participants/

If your email service provider gives you the option, use a feedback loop. Your provider will then give you feedback on recipients who classify your email as spam or junk. It also helps you improve the hygiene of your list, but only if you remove the affected addresses from your list immediately, of course.

Leave a Comment