In July 2016, Hilton HHonors loyalty program members received an email asking them to log into their Hilton HHonors account to confirm their correct email address, mailing address, and other personal details.
The email set off alarm bells for a number of customers. One tweeted a screenshot of the email to the Hilton HHonors Twitter account, asking, “… is this legit? Looks very much like a phishing email…”
Hilton’s support team responded, “This is not an email from the HHonors team. Please do not share your account details.”
The only problem? It was a legitimate email from Hilton HHonors, but it so closely resembled a phishing email it fooled Hilton’s own IT team.
Hilton is not the only company to inadvertently send customer emails that are nearly indistinguishable from phishing emails. Many companies send emails asking their customers to log in to confirm account information or confirm payment details. Sometimes, cautious customers will reach out to the digital community for feedback on whether an email is real or fake.
These emails are a problem because not only do customers believe them to be phishing emails, but they normalize emails that ask for personal information—making people more vulnerable to real phishing scams in the future.
Marketers need to understand email marketing best practices to send secure customer messages that don’t endanger customer privacy and data. Here’s everything you need to know from a technical and content perspective to make sure your email isn’t mistaken for a phishing scam.
Read the rest of this post »