Bait for the phish: The subject lines that reel them in.

To those of us who work in the MarComm field – or in business generally – it may seem odd how so many people can get suckered into opening e-mails that contain malware or otherwise wreak havoc with their devices.

But as it turns out, the phishing masters have become quite adept at crafting e-mail subject lines and content that successfully ensnare even the most alert recipients.

In fact, the phishers actually exploit our concerns about security by sending e-communications that play off of those very fears.

To study this effect, cybersecurity firm KnowBe4 conducted an analysis of the most clicked-on phishing subject lines of 2018. Its evaluation was two-pronged – charting actual phishing e-mails received by KnowBe4 clients and reported by their IT departments as suspicious, as well as conducting simulated phishing tests to monitor recipient behavior.

What KnowBe4 found was that the most effective phishing e-mail subject lines generally fall into five topic categories:

  • Passwords
  • Deliveries
  • IT department
  • Company policies
  • Vacation

More specifically, the ten most clicked-on subject lines during 2018, in order of rank, were these:

  • #1. Password Check Required Immediately / Change of Password Required Immediately
  • #2. Your Order with Amazon.com / Your Amazon Order Receipt
  • #3. Announcement: Change in Holiday Schedule
  • #4. Happy Holidays! Have a drink on us
  • #5. Problem with Bank Account
  • #6. De-activation of [recipient’s e-mail address] in Process
  • #7. Wire Department
  • #8. Revised Vacation & Sick Time Policy
  • #9. Last reminder: please respond immediately
  • #10. UPS Label Delivery 1ZBE312TNY00015011

Notice that nearly all of them pertain to topics that seem important, timely and needing the attention of the recipient.

Another way that KnowBe4 analyzed the situation was by pinpointing the e-mail subject lines that were deployed most often in phishing e-mails during 2018.

Here are the Top Ten, ranked in order of their usage:

  • #1. Apple: You recently requested a password reset for your Apple ID
  • #2. Employee Satisfaction Survey
  • #3. Sharepoint: You Have Received 2 New Fax Messages
  • #4. Your Support Ticket is Closing
  • #5. Docusign: You’ve received a Document for Signature
  • #6. ZipRecruiter: ZipRecruiter Account Suspended
  • #7. IT System Support
  • #8. Amazon: Your Order Summary
  • #9. Office 365: Suspicious Activity Report
  • #10. Squarespace: Account billing failure

Commenting on the results that were uncovered by the evaluation, Perry Carpenter, a strategy officer at KnowBe4 had this to say:

“Clicking [on] an e-mail is as much about human psychology as it is about accomplishing a task. The fact that we saw ‘password’ subject lines clicked … shows us that users are concerned about security.  Likewise, users clicked on messages about company policies and deliveries … showing a general curiosity about issues that matter to them.”

Carpenter went on to note that KnowBe4’s findings should help corporate IT departments understand “how recipients think” before they click on phishing e-mails and the links within them.

How about you? Are there other e-mail subject lines beyond the ones listed above that you’ve encountered in your daily activities and that raise your suspicions? Please share your examples in the comment section below.

Klout’s gone (thankfully) … but get ready for Skorr.

Social influence/reputation scores – what no one really wants – come back for Round 2.

Who remembers Klout anymore?  When the social media “influence rater” was quietly shuttered in mid-2018,

Klout was just a faint glimmer of what it had once been.  Over a 10-year arc, the social influence “Klout Score” went from being something some people cared about to being something no one bothered with.

Through some rather opaque algorithms, Klout purported to measure the reach and influence of people’s social networks and correlate the content they created to measure how others interacted with that content.

Klout used major social media platforms including Facebook, Instagram, Twitter, YouTube, Wikipedia and LinkedIn (plus a few less important ones like Foursquare and Google+, but not SnapChat or Pinterest) to create a person’s so-called “Klout Score” ranging from 0 to 100.  The higher the score, the more “social clout” the person presumably had.

The resulting score was something that many people discounted, noting that prolific bloggers ended up having Klout Scores significantly higher than even the president of the United States.

Others looked at their own modest Klout Scores and freaked out.

But as it turned out, all of it was “much ado about nothing” — so much blue smoke and mirrors.  MediaPost columnist Kaila Colbin put her finger on the reality of it all when she wrote this about the foundation upon which Klout was built:

[The idea that] “the carrot, the reward, is the influence you have — that is backwards. Influence is not a reward or an end-result.  It is a byproduct of actually being good …”

Colbin continued:

“A service like Klout promotes the ambition of being influential, but there are no shortcuts. Show up. Express yourself wholeheartedly. Deliver value. Ask yourself what you can give your community. The influence will take care of itself.”

As if on cue, starting about halfway into its decade-long life, Klout began to show significant cracks in its foundation. Klout’s presence began to weaken as more people raised questions about the company’s well-guarded methodology by which its scores were determined.

Still others began to label the scheme “socially evil” in that Klout was in the business of exploiting the “status anxiety” of the people who paid attention to the scores.

But perhaps the biggest knock came when search engine specialist Sean Golliher analyzed the Klout scores of Twitter users and discovered that the number of Twitter followers was sufficient to explain 95% of the Klout scores assigned to those users. That finding validated the suspicions many had about Klout all along that its rating system was an elaborate architecture based on very little at all.

The last few years of Klout played out like so many other high-flying wonders of the cyberworld:  A change of ownership that failed to stem the negative trends, followed by mounting irrelevance and finally closing down the entire enterprise.

At the time Klout was shuttered in May 2018, few even noticed. Indeed, for many Internet users it was as if Klout had never existed.

But cyberspace being what it is, no sooner had Klout disappeared than a new social influence/reputation protocol emerged to take its place.

This time it’s Skorr, sporting the high-minded tagline “grow socially” and described by its backers as follows:

“[We] are now building a decentralized reputation protocol for the Internet: making reputation immutable and anonymity accountable … This reputation protocol allows individuals, organizations and things to create one or multiple reputations, depending on their identity.  Each reputation will be immutable, verifiable and traceable — and as such, the actor can be held accountable.”

Over on the company’s website, we read that not only will Skorr allow people to measure their influence, it “will also allow you to challenge your friends on different social contests and invite them to social media disputes.”

Isn’t that just what we need: more ways to help people argue more online.

Let’s hope that this new influence/reputation “protocol” will go the way of the last one — and that it happens a whole lot quicker this time around.

Reuters: In 2019, publishers will experience “the biggest wave of layouts in years” … and massive burnout among the journalists who remain.

The bad news continues for the publishing industry in 2019.

I’ve blogged before about the employment picture in journalism, which has been pretty ugly for the past decade.   And just when it seems that news in the publishing industry couldn’t get much worse … along comes a new study that further underscores the systemic problems the industry faces.

The results from a recent Reuters survey of publishers worldwide point to declines that will only continue in 2019.  In fact, Reuters is predicting that the industry will experience its largest wave of layoffs in years, coming off of a decade of already-steadily shrinking numbers.

The main cause is the continuing struggle to attract ad revenues – revenues that have been lost to the 600-lb. gorillas in the field – particularly Facebook, Google and Amazon.

Growing subscription revenue as opposed to a failing attempt to attract advertising dollars is the new focus, but that will be no panacea, according Nic Newman, a senior research associate at Reuters:

“Publishers are looking to subscriptions to make up the difference, but the limits of this are likely to become apparent in 2019.”

In addition to boosting subscription revenue, publishers are looking to display advertising, native advertising and donations to help bankroll their businesses, but advertising is the main focus of revenue generation for only about one in four publishers — a far cry from just a few years ago.

Putting it all together, Reuters predicts that it will lead to the largest wave of publishing job layoffs “in years” – and this in an industry where employment has been shrinking for some time now.

With yet more layoffs on the horizon, it’s little wonder that the same Reuters research finds employee burnout growing among the employees who remain. As Newman states:

“The explosion of content and the intensity of the 24-hour news cycle have put huge pressure on individual journalists over the last few years, with burnout concerns most keenly felt in editorial roles.”

A major reason why:  Even more is being asked from the employee who remain – and who are already stretched.

Journalism salaries are middling even in good times – which these certainly are not.  How many times can an employee be asked to “do more with less” and actually have it continue to happen?

Even the bragging rights of journalists are being chipped away, with more of them relegated to spending their time “aggregating” or “curating” coverage by other publishers instead of conducting their own first-hand reporting. That translates into perceptions of lower professional status as well.

In such an environment, it isn’t surprising to find editorial quality slipping, contributing to a continuing downward spiral as audiences notice the change — and no doubt some turn elsewhere for news.

Last but not least, there’s the bias perception issue. Whether it’s true or not, some consumers of the news suspect that many publishers and journalists slant their news reporting.  This creates even more of a dampening effect, even though in difficult times, the last thing publishers need is to alienate any portion of their audience.

How have your periodical and news reading habits changed in the past few years? Do you continue to “pay” for news delivery or have you joined the legions of others who have migrated to consuming free content in cyberspace?

(For more details from the Reuters research, you can sign up here to access the report.)

Yet another knock on business travel.

“Don’t let the bed bugs bite” becomes harder to do …

Recently, an article in Meetings & Conventions magazine caught my eye – and not in a good way.  The big headline blared that Baltimore has kept its title as the “Bed Bug Capital of the United States.”

Seeing as how Baltimore is the big city closest to where I live, this didn’t come as particularly welcome news. No one wants to be singled out for such a dubious “honor.”

Adding insult to injury, nearby Washington, DC came in second on the list, which was compiled based on metropolitan area statistics of the national pest control service provider Orkin, and where that company has performed the most bed bug treatments over the past year.

For the record, making up the Top Ten bed bug infestation listing are the following metro areas:

  1. Baltimore
  2. Washington, DC
  3. Chicago
  4. Los Angeles
  5. Columbus, OH
  6. New York
  7. Cincinnati
  8. Detroit
  9. Atlanta
  10. Philadelphia

For Baltimore, it was the third year in a row landing on top of the metro area list.  Meanwhile, several others made it onto the list that weren’t there previously (Atlanta and Philadelphia).

On the other hand, Dallas and San Francisco have now dropped out of the Top Ten.

Entomologist Chelle Hartzer, an Orkin spokesperson, was quick to point out that being on the Top Ten list shouldn’t be viewed as a reflection of general lack of sanitation or cleanliness, stating:

“Bed bugs are the #1 urban pest in many cities today. They are master hitchhikers, so no one is immune.  Sanitation has nothing to do with prevention; from public transit to 5-star resorts, bed bugs have been and can be found everywhere humans are.”

When you think of it in that context, it’s actually little wonder that Baltimore and DC have so many incidences of bed bug infestations requiring treatment, considering the amount of travel to and from the National Capital region from all over the world.

[I’m completely clueless as to how and why Columbus, OH should come to outrank New York City, however.]

The bigger question is … what to do about it?

For its part, Orkin has come up with some suggested personal “dos” and “don’ts” for travelers regarding managing their exposure to beg bugs.

Among the precautions Orkin recommends that people take are these when checking into your hotel or motel room:

  • Lift and look around typical hiding spots including the mattress, box spring, behind baseboards, pictures, and torn(!) wallpaper.
  • Check carefully for tiny, ink-colored stains on mattress seams, in soft furniture and behind headboards.
  • Avoid placing your luggage on beds, and also avoid proximity to walls and carpeted surfaces(!). Whenever possible, keep luggage elevated, such as on a hard-surface counter.
  • The safest location is placing your luggage in the bathroom(!).

Reading the ways Orkin recommends limiting exposure to bed bugs while on a trip seems designed to take all the pleasure out of traveling. Maybe it’s time to consider Plan B:  staying home!

Speaking personally, I have yet to be subjected to a bed bug infestation — either on the road or “hitchhiked home.” But I know several people who have – and their stories weren’t pretty.  Do you have any personal experiences of your own to share?

Facebook’s bad publicity in 2018 lands it at the top of the “least-trusted technology company” list.

The trust is gone …

One has to assume it’s a citation Facebook CEO Mark Zuckerberg has tried mightily to avoid receiving. But with a massive data breach last year and poor marketing decision-making accompanied by a wave of bad publicity, it shouldn’t come as a major shock that Facebook is now considered the least trusted major technology brand by consumers.

The real surprise is by how much it outscores everyone else. Really, Facebook’s in a class by itself.

Recently, online survey research firm Toluna conducted a poll of ~1,000 adults age 18 or older in which it asked respondents to identify their “least trusted” technology company.

The results of the survey show the degree to which Facebook has become the “face” of everything that’s wrong with trust in the world of technology.

Here’s what Toluna’s found when it asked consumers to name the technology company they trusted least with their personal information:

  • Facebook: ~40% of respondents trust least
  • Amazon: ~8%
  • Twitter: ~8%
  • Uber: ~7%
  • Google (Gmail): ~6%
  • Lyft: ~6%
  • Apple: ~4%
  • Microsoft: ~2%
  • Netflix: ~1%
  • Tesla: ~1%

The yawning gap between Facebook’s unflattering perch at the top of the listing and the next most-cited companies — Amazon and Twitter — says everything anyone needs to know about the changing fortunes of company image and how fast public opinion can turn against it.

About the only thing worse is not showing up on the Top 10 list at all – which is the case for Oath (the parent of Yahoo and AOL).  That entity has become so inconsequential, it doesn’t even enter into the conversation anymore.  That’s a “diss” on a completely different level, of course. As Oscar Wilde once said, “The only thing worse than being talked about is … not being talked about.”

What about you? Do you think that Facebook should be tops on this list?  Let us know your opinion below.

The ignominious end of Google+.

… And who cares?

How many of us have predicted the demise of Google+? Over the years, the ill-fated social network wasn’t ever able to gain much traction.

Its “hangouts” and “rooms” functionality, trumpeted with great fanfare when launched, never really amounted to much.  The few times I attempted to engage with people in any of those spaces, it was akin to being the only person in a restaurant at 3:00 in the afternoon.

Several months ago, Google finally bowed to the inevitable and announced that it would be shuttering Google+, effective in August 2019.

But even this end-date has turned out to be star-crossed. In one final ignominy, Google discovered a bug in a Google+ API which appears to have affected potentially more than 52 million users.

Specifically, apps that have requested permission to view the profile information that users had added to their Google+ profiles – basic things like name, age, occupation and e-mail address – were granted permission to do so even when the users’ profiles weren’t set to “public.”

On a brighter note, the bug didn’t allow access to more sensitive information such as financial figures, passwords, or similar data typically used for identity theft, nor does it appear that any of the personal information has been misused – at least not yet.

But as a result of discovering this bug, Google has now decided to shut down the Google+ social platform this coming April – four months earlier than planned.

So, what we have is that the final exit of Google+ from the scene further underscores its underwhelming existence. As Ben Smith, a Google vice president of engineering, stated candidly, the social platform “has not achieved broad consumer or developer adoption and has seen limited user interaction with apps.”

Which is another way of saying, “It’s been a failure.”

And while a few souls may be lamenting its demise, for the vast majority of people, the platform expired years ago.

What about you?  Did you ever engage with this social media network?  And if you did, what was your experience.  Most tellingly, when did you cease you interaction?

A day late and a dollar short: Starbucks finally honors its pledge to install WiFi blocking mechanisms in its stores.

In the age of social media shaming, it’s a wonder that some companies think they can get away with failing to keep their promises.

A case in point is Starbucks Coffee. For a number of years now, there have been concerns raised by Starbucks customers and other consumers about the easy ability to access pornography websites via the free public WiFi at the company’s store locations.

You may have witnessed it – people viewing such material in full view of other customers, without regard to whether there are minors present or any other ameliorating factors.

In such matters there’s such a thing as propriety. It isn’t illegal to view (most) pornography, but there’s a time a place for everything.

What it most certainly isn’t is copulating on the beach, or viewing hardcore pornography in a public space like a shopping mall, a coffee shop an airplane.

You’d think all of this would be obvious to a company like Starbucks — seeing as how “socially aware” the company purports to be. But it took protests from 75+ groups beginning in 2014 to convince the company to block access to porn sites for people using the public WiFi at its stores.

It took two years, but in 2016 Starbucks bowed to pressure and announced publicly that it would be rolling out porn blocking mechanisms across all of its stores.

But then … it didn’t happen.

What was Starbucks thinking? In its wisdom, did it think that by simply making the announcement the controversy would blow over?  That’s either naïve or willfully arrogant.

In any case, after waiting several more years for action to occur, a new online petition in November from a group called CitizenGo quickly gained more than 26,000 signatures — inside of a week, in fact.

Commenting on the effectiveness of the new effort, Donna Hughes, who heads up Enough is Enough, the Internet safety umbrella organization representing the 75+ groups concerned about Starbucks’ lack of action, explained why the petition resonated with so many people:

“By breaking its [earlier] commitment, Starbucks is keeping the doors wide open for convicted sex offenders and others to fly under the radar from law enforcement and use free, public WiFi services to access illegal child porn and hardcore pornography. Having unfiltered hotspots also allows children and teens to easily bypass filters and other parental control tools set up by their parents on their smartphones, tablets and laptops.”

Considering the speed in which the November petition reached critical mass, social media has only grown in its reach since 2016. What took two years to obtain a (broken) promise from Starbucks to implement blocking mechanisms for its store’s public WiFi took just one week this time around.

Starbucks has now confirmed to several news outlets that it is recommitting to install blocking software for its store locations in 2019.

We’ll see how good the company is in honoring its pledge this time around. My guess is that they won’t play with fire a second time around.