
Humans Are The Weakest Link

Why is it that computer code has advanced exponentially in the last decade but websites still get hacked? Why is it that online security providers like Norton, Kaspersky and McAfee work tirelessly improving their systems, but black hat miscreants still breach our systems and sell our information?

The problem is that while technology has gotten wiser, humans have not.

Hackers have shifted their efforts away from cracking code and onto cracking us. It’s much easier to trick people into giving away their passwords than it is to gain access to a secure system in any other way. Interestingly, this has meant that the bad guys have started to read up on things like psychology and human nature.

Phishing attempts used to be novel and somewhat humorous. We would snicker at the broken English employed by some eastern European nerd in his basement, seemingly choosing words at random from the dictionary and clumsily pasting them into sentences. Things have changed, however. Instead of recruiting men and women who can write code, many criminal organizations are bringing in manipulators who can write English – and write it well. It’s not uncommon for a modern phishing attempt to be indistinguishable from legitimate communication.

Remember when Target got hacked a few years ago around the holidays? The crooks gained access via one of their contractors who happened to have login information for a secure system. An employee at the contracting company fell for a trick email and pow! 10% off for everybody and free identity theft monitoring for a year.

With that being said, there are still ways to scrutinize your email to improve your chances for safety. Here are a few:

  • If it’s too good to be true – Common sense is still the #1 defense against hackers. If an email promises you something for nothing – even if it appears on the surface to be from a legitimate source (see below for more on this) – it is almost certainly a scam. If the communication seems to come from a legitimate company, contact that company via the phone number on their website to confirm its authenticity.
  • Look closely at the source – Tricking humans is the easy part of phishing. Managing emails that look legit is much harder. Oftentimes the simplest way to spot a malicious message is by looking closely at the sender’s email address. If it claims to come from Wal-Mart but the address is something – anything – different, then delete the email immediately.
  • Never give out your credentials – Businesses know better than to ask you for your login information via email. It’s not particularly secure, and it tends to have a dangerously long shelf life. Instead, businesses with whom you have an account will often ask you to log in using the same methods you always do (via the website or an app, for example). If an email asks you to enter your username and password, delete it. Period. 
  • Change your password often – I know this can seem like a pain in the neck, but it may be the most important thing you do to keep your online property safe. The more you change your login credentials, the less likely that they are floating around the ether of the worldwide web. Think about the last breach you were unfortunate enough to be a part of (almost all of us have been, by this point): most of the time all it takes to “re-secure” your information is to change your password. If you do that on your own once a month or so, you significantly reduce the chances of a bad guy ripping it off.
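
The "look closely at the source" check above can be automated. The following is an added example, not part of the original post: it compares the brand a sender claims with the domain in the actual address. The brand-to-domain allow-list and the sample headers in the test are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand really sends from.
KNOWN_BRANDS = {
    "walmart": {"walmart.com"},
    "target": {"target.com"},
}


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a genuine subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_sender(from_header):
    """Classify a From header as 'ok', 'mismatch' or 'unknown'.

    'mismatch' means the display name or the domain mentions a known brand,
    but the address does not belong to that brand's real domains.
    """
    name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    # Normalise "Wal-Mart" / "WAL MART" to "walmart" before comparing.
    claimed = "".join(ch for ch in name.lower() if ch.isalnum())
    for brand, allowed in KNOWN_BRANDS.items():
        if brand in claimed or brand in domain.replace("-", ""):
            return "ok" if domain_matches(domain, allowed) else "mismatch"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample header, not taken from a real message.
    print(check_sender('"Wal-Mart" <promo@walmart.com.gift-cards.example>'))
```

A result of "ok" only means the visible address is consistent with the claimed brand; the From header itself can be forged, so mail servers additionally rely on SPF, DKIM and DMARC to verify the sending domain.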

Face it – we humans are the weakest link when it comes to online security. You protect your wallet or purse when you spend time downtown in a big city, why not spend a few moments improving your online security skills as well? Don’t be a victim. Be smart, and the bad guys will be forced to move on.

“Contact Us” Is An Appeal, Not A Link

The thing about focus groups is that sometimes you can learn things that you aren’t even studying. Fifteen or so years ago I was facilitating a focus group for a client, and while we were prepping the participants, one respondent seemed particularly eager to get started. Finally, he couldn’t take it anymore, and he loudly addressed the entire group. “I’ve been wanting to say this for a while,” he said angrily. “I used the ‘contact us’ form on this company’s website a few weeks ago, and nobody contacted me!”

He was frustrated, and he had every right to be. Now that he finally had what he thought was a direct line to the company’s management, he wanted to get some action. What he didn’t know was that back in the early days of the internet, everybody included an email form on their website but didn’t really expect anybody to use it. After all, most people still picked up their old-fashioned landline phones and called. Often, the “contact us” form forwarded messages to some weird email address that nobody in the company actively checked (because it was used so infrequently).

In the house where I spent my formative years, I distinctly remember a light switch that didn’t do anything. As a child, I recall flicking it on and off incessantly and walking around the house trying to determine what had changed. In my dreams, the lights were going on and off in some secret subterranean spy lair under my house as operatives rolled their eyes. “Why did we even install that switch?” 007 would groan, opening a bottle of aspirin.

Now that we are all so indelibly connected via the web, I really thought those unresponsive days had passed. But in the last few months, I’ve run into two instances where I personally tried to reach an organization via their website’s “contact us” form and heard nothing but crickets. I finally had to call both of them (several times). “Oh usually we’re very good about replying to emails,” they assured me. I didn’t believe them.

In related news, one of the assignments for a college course that I teach has students analyzing how companies use social media for customer service contact. I recently graded dozens of assignments that included examples from companies big and small, some using Twitter and Facebook to engage their customers and solve problems while others used these powerful media platforms to regurgitate canned messages and generate information smoke screens.

When I assumed that bad customer service was simply one of the internet’s growing pains, I was wrong. In fact, customer service on the web is 99% about the company’s culture and only 1% about the medium. Organizations either have bad customer communication or they don’t, and the internet hasn’t really changed that.

You can put a “contact us” link on your website, but you need to decide whether you really want people to use it or not.

If you’re the kind of company that truly wants to hear from their customers, then use email and social media just like a personal conversation – answer when somebody talks to you. Ask how you can help. Offer solutions. Use it as a chance to strengthen the relationship.

On the other hand, if your business can’t be bothered with all that extra interaction, then you might as well just take “contact us” off of your website’s navigation. And while you’re at it, I suggest shutting down your social media pages, because in today’s online world people are starting to take score.

Face it – “contact us” should be a lot more than the name of a page or a form, it needs to be a request, an appeal for customers to give you real feedback that can be used to help your product and your team to improve. You shouldn’t be asking them if they need to get a hold of you, you should be begging them to do so!

And if that sounds scary to you, you need to take a long hard look at the culture in your company.