Why do banks, eBay, PayPal, Yahoo, etc. continually blast HTML-formatted messages that enable phishers to do their dirty business? Because end-users respond to them.
- “The most popular link in a single-offer e-mail is the graphic button-type link that follows a complete description of the offer. Buttons far out-pull text links;
- Link everything — the headline/subhead, the image and the text or button — to the desired Web page. People click things whether they appear to be links or not and you don’t want to interfere with that impulse, and;
- More links generally means more response overall.”
Thus, the typical eBay/PayPal/whatever phishmail buries the phishlink under a slurry of legitimate links. The phisher’s expectation: Even those rare users who are willing to slog through source code will overlook the only link that counts. And all too often, it works.
Users click the links.
That’s why more and more admins over-compensate. They simply disable all HTML links and scripts embedded in email messages, converting polished sucker-punches into glance-and-delete has-beens. Before and After shots are quite educational.
(It really gripes us when those who know better do it, like Zone Labs.)
It’s just too bad most email marketers aren’t intuitive, creative or responsible enough to envision their final delivered output. Straightforward plain text messages without hidden links may produce fewer suckers, but they would certainly engender more respect from the recipients.
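The buried-link problem described above can be checked mechanically rather than by reading source. This is an added example, not code from the original post; the domains, the sample message and the `off_brand_links` helper are assumptions made for illustration. It lists every link in an HTML body whose host falls outside the claimed sender's domain:

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []    # finished (href, text) pairs
        self._href = None  # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
        elif tag == "img" and self._href is not None:
            self._text.append("[image]")  # button-style link with no text

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data.strip())

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(t for t in self._text if t)))
            self._href = None

def off_brand_links(html_body, expected_domain):
    """Return (host, href, text) for links not on expected_domain or a subdomain.

    Links with no host (mailto:, relative) are reported with an empty host.
    """
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    flagged = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if host != expected_domain and not host.endswith("." + expected_domain):
            flagged.append((host, href, text))
    return flagged

# Constructed sample: four links, one of which leaves the claimed sender's domain.
SAMPLE = """
<a href="https://www.example.com/">Example Pay</a>
<a href="https://www.example.com/help">Help</a>
<a href="http://login.example.net/verify"><img src="btn.gif"></a>
<a href="https://www.example.com/privacy">Privacy</a>
"""
if __name__ == "__main__":
    print(off_brand_links(SAMPLE, "example.com"))
```

The comparison is made on the parsed hostname, not on the link text or a substring of the URL, because the visible text and the destination are independent in HTML mail.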

1 comment
September 28th, 2005 at 11:35 am
Red
A real conundrum… from a marketer’s perspective, you’re missing sales by not using HTML, and you’re missing sales if you do.