Silverpop - Tricks Instead of Treats: Phishing Emails and Other Malicious Messages
It appears you are using an older version of your browser. This site was developed to be progressive and future-compatible. Please take a minute to upgrade your browser for an optimal experience.
Skip to content
  • Subscribe:

Tricks Instead of Treats: Phishing Emails and Other Malicious Messages

blog post thumbnail image
by: Esther Lee (@IBMforMarketing)
31 October 2011

When it comes to Halloween, the treats always beat the tricks. The same applies to email. Email is a very effective way to share personalized messages with those who have opted in to engage with a company or organization. But just like with any other medium, there are people out there who don’t play by the rules and use email for malicious purposes.

Silverpop’s customers only send permission-based messages designed to educate, inform and share special offers with their audience in order to help their companies grow. But, just like any of us, they can also be the targets of those with detrimental goals. With that in mind, Silverpop recently introduced multifactor authentication to our platform to help marketers keep their data safer and more secure. This feature adds an additional layer of security to your account by requiring users to enter an authentication code before they can access your data.

Of course, even with the best technological safeguards, sometimes bad things happen to good people. That’s why we’re always looking for ways we can help digital marketers help themselves improve data security and keep their companies safe from phishing emails and other harmful communications.

And so, to better enable you to maintain the highest level of security, I wanted to share some of the tips I’ve found to be most helpful.

First, it’s important to keep in mind that all malicious email attacks rely on tricking the recipient into clicking on a link, opening an attachment or running a program that leads to unauthorized access to your computer. Here are some common characteristics of potentially dangerous emails to keep an eye out for:

  • Slightly misspelled URLs (e.g. or instead of These may appear in both links within an email and in the “reply to” email address. Official corporate emails will rarely come from other “lookalike” addresses such as “” or “”
  • Links that don’t match the actual destination: You can check this by hovering over the link. For example, a link might read as “,” but hovering over it shows “” 
  • Attachments: Including attachments in emails is an inefficient way for a company to collect or disseminate information, and thus attachments are rarely used for this purpose.
    • Think about whether an attachment makes sense. Most of the time, a link would have been more efficient and therefore would have been used instead. 
    • Make sure the extension is logical. If someone sends you an email saying, “Please review the attached spreadsheet,” and the attachment contains a “.pst” extension, something isn’t right.
    • Be careful opening PDF or Flash documents. We know how tempting it can be to open that animation claiming, “You have to watch this! It’s the funniest video ever.” Resist that temptation.  Even if it’s legitimate, it’s probably not that funny.
    • Be wary of overly generic emails or attachment names, especially if they come from someone not personally known to you. If you have any suspicions at all, reply to the sender with, “Can you fill me in about what this is about?” before you open the attachment.


  • Unencrypted links: Whenever a site asks you for personal information (social security number, passwords, etc.), take the time to check that the URL it’s sending you is secure. If it’s encrypted, the link will start with “https://” and not “http://”.  
  • Clicking on a link flags a security warning: Often this is a false positive, but if clicking on a link prompts a security warning from your browser, you should proceed with caution if at all.  
  • Little or no support information and/or generic greeting: Be wary of emails with no customer service contact info or unsubscribe link, poor grammar and/or impersonal greetings.
  • Sender appears legitimate: Don’t assume that just because an email comes from a valid address that there’s nothing wrong with it. Sometimes when a computer is infected, it will send a new malicious email to everyone in the victim’s address book. Be vigilant, and if something about an email from a coworker or friend strikes you as odd, don’t trust it.

Last but certainly not least, keep these words of email wisdom in mind:

  • You probably haven’t won the lottery.
  • There’s no lawyer/barrister/solicitor holding vast sums of money you are due.
  • The generous prince isn’t real. Sorry ladies.
  • If you deposit that check and send a stranger half, it’s a safe bet you’ll lose everything.
  • Random solicitations looking for “a discrete business relationship” at great profit will always result in a net loss for you.
  • The lovely lady professing her interest is not interested in the same kind of “relationship” you are.
  • Those pills are fake.

If it seems too good to be true, it probably is. Let that email go.


Sign up Now!

Subscribe to IBM Marketing Cloud's Digital Marketer Newsletter!

Popular Categories

Top 5 Posts


To give you the best experience, this website uses cookies.

Continuing to use this website means that you consent to our using cookies. You can change your cookie settings in your browser at any time.
Find out more here or by clicking the Cookie Policy link at the bottom of this page.