Phish, flop, or fine

Post on 20-Jan-2017

Phish, Flop, or Fine?

Sandy Silk

Catherine Conway

We’re here to help.

Let us count the ways...

1. Increase the security of institutional and individual information. (Phish)

2. Improve the effectiveness of your broadcast email communications. (Flop)

3. Preserve email channel as a means for important messaging. (Fine)

From there to here, from here to there, phishy things are everywhere

One Phish

@iari.res.in

Two Phish

https://urldefense.proofpoint.com/v2/url?u=http-3A__kotovdent.ru_images_sampledata_collage_...

kotovdent.ru

my.bristol.ac.uk

Hunting expedition versus “catch of the day”

I am a rich prince in need of help...

Hello Harvard...

Phish or Flop?

How many domains do you see in this message?

benstrat.lh1od.com

benstrat.navigatorsuite.com

benstrat.com
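
The domain count asked for on this slide can be checked mechanically. The Python below is an added example, not part of the original slides: it extracts every link from a message, unwraps Proofpoint URL Defense v2 links such as the one on the "Two Phish" slide, and groups the hostnames by parent domain. The sample message is constructed (hostnames from the slide plus a placeholder `example.net` link), and the two-label parent-domain rule is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# URL Defense v2 writes "%" as "-" and "/" as "_" inside the u= parameter.
V2_TABLE = str.maketrans("-_", "%/")


def unwrap_urldefense_v2(url):
    """Return the original URL behind a URL Defense v2 wrapper, else the input."""
    parts = urlsplit(url)
    if parts.hostname == "urldefense.proofpoint.com" and parts.path == "/v2/url":
        encoded = parse_qs(parts.query).get("u", [""])[0]
        if encoded:
            return unquote(encoded.translate(V2_TABLE))
    return url


def parent_domain(host):
    # Assumption: the last two labels approximate the registered domain.
    # This is wrong for suffixes such as ac.uk or res.in; a real tool
    # should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def link_domains(message):
    """Map each parent domain to the set of hostnames linked under it."""
    found = {}
    for raw in URL_RE.findall(message):
        target = unwrap_urldefense_v2(raw.rstrip(".,)"))
        host = urlsplit(target).hostname
        if host:
            found.setdefault(parent_domain(host), set()).add(host)
    return found


# Constructed sample message; not taken from a real email.
SAMPLE = """Your statement is ready: http://benstrat.lh1od.com/
Manage your account: https://benstrat.navigatorsuite.com/
About us: http://benstrat.com/
Details: https://urldefense.proofpoint.com/v2/url?u=http-3A__files.example.net_a_b.html
"""

if __name__ == "__main__":
    for domain, hosts in sorted(link_domains(SAMPLE).items()):
        print(domain, sorted(hosts))
```

A shared label such as `benstrat` at the front of a hostname says nothing about who owns the domain; the grouping makes that visible, and a message linking to several unrelated parent domains matches the "linking to multiple domains" flag.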

Phish or Fine?

Can’t I trust this if it comes from a Harvard address?

Message success depends on credibility

There are human ways and technological ways to make a good impression…and it’s a continuum.

Phishing filters at Harvard

Technical filters

Running the gauntlet

Suspect

Adult

Spam

Bulk

Phishing

66 million email messages addressed to @harvard.edu that were blocked as spam/phishing in March 2016

Running the gauntlet (O365)

Email from outside Harvard

Spam, malware, and phishing filters

Bulk, malware, and phishing filters

Sender acceptance or blocking filters

Personal junk and blocking filters

(Email from inside Harvard)

Email sent outside Harvard or outside internal Exchange

(g.harvard, mail.harvard, @college, HBS)

What’s the “Holy Grail” of messaging?

There’s no recipe for spam.

Possible flags

Unfamiliar sender

Lack of text version

Attachment

Red text

Many images

Linking to multiple domains

All caps

Keywords

Typos

Sending to bad addresses

Lack of mailing address

No unsubscribe link

Call ahead and order off the menu.

Call ahead: safelist your sender

Submit request to ithelp@harvard.edu

Email is still subject to local spam filters

Stick with the menu: Harvard URLs

Options for linking to Harvard websites

Post content on a Harvard website.

Use a Harvard link shortener for non-Harvard URLs.

Establish Harvard-branded domain for tracking (CNAME).

Floss after every meal.

Keep lists clean

Spam algorithms factor in engagement

No reason to keep unengaged subscribers on your list

Practice appropriate list hygiene

Re-engage inactive subscribers

If no response, consider opting out inactives

How to build credibility with technical filters

Tactics (columns: Email marketing service, Listserv, Outlook with uploaded list)

Manage your spam flags: X X X

Target your lists: X X X

Link to Harvard URLs: X X X

Use Harvard link shortener, when Harvard URL not available: X X

Safelist sender: X

List hygiene: X

Human filters

Phishing awareness campaign

Click Wisely

Phishing awareness and training

Mock phishing with feedback

Greater awareness drives more scrutiny of email

Be predictable

Manage your envelope:

Credible, consistent sender

Relevant subject line

Complementary preheader text

Have a reply address

Send at a regular, anticipated frequency

Use a well-tested and branded template

Include all information within the email or on a Harvard website rather than sending an attachment

Provide option to manage preferences

Case study: EVP newsletter

Goals

Easily read across devices

Reflects best email practices

Incorporates tracking to measure engagement

Efficiently assembled each month

Continues to engage readers while serving as a messaging vehicle for Katie Lapp.

Execution

Content

Project brief & wireframe

Template development

Testing

Incorporated best practices:

Added a text version

Alt-text for images

Preheader text

Mailing address

Removed red text

Posted full articles on Harvard websites

Delivery

Moved to Silverpop

Created list query

Safelisted evp@harvard.edu on staff and school email servers via HUIT

links.mkt3495.com

Future plans

Tools for being a phish-aware, effective emailer

Harvard.edu/guidelines

Link shortener (coming soon)

Accessed by HarvardKey account with 2-step verification

Links checked against database of known malware sites

“hrvd.it” will be safelisted through our email systems

Are you phish, flop, or fine?

Remember the continuum

Questions?