Have you still got gmail?

One man’s phish is another man’s poison. As a legitimate digital marketer, your reaction to the latest online scam, leading to the posting of thousands of email log-in details, is likely to be disapproval and nothing else. Instead, it should be the trigger for two distinct courses of action.

The first is to review your email marketing database. Chances are that a large proportion of the target addresses you use are for Hotmail, Yahoo!, Google or AOL email accounts. In the wake of the recent phishing, you could find your clickthrough rates significantly reduced and bounceback rates rising.

Holders of email accounts with these providers are likely to have been made nervous about their security at best, or to have been directly exposed at worst. While it is hard to know exactly how many people were affected by the scam, assuming 1 in 100 seems reasonable.

Those individuals who know their log-in details have been published not only will change them, there is a strong chance they will start to use a completely different email provider. Even those not sure if their account has been compromised may choose to change.

As a result, an email database that was valid and responsive last month is likely to have been corrupted and in need of cleaning. As a first step, it will be worth inviting customers and prospects to provide an alternative address, or to carry out a data capture exercise to get more permanent contact data. Many consumers who use POP email also have other addresses, often those provided with their Internet access. Getting them to provide this address is a good hedge against losing contact.

The other action should be a trust exercise. Individuals who were scammed into revealing their log-in details did so in the belief that they were being asked for it by a legitimate brand owner. Spoofing websites is a common technique and, while it may be obvious to digital marketing experts, the validity of these locations is not always in doubt to the consumer.

So your brand needs to act in order to maintain the belief of your customers and prospects that you are legitimate and your domain has not been hijacked. That is no easy task if you rely on email to solicit a response which is driven to your website. Phishing uses exactly the same mechanism.

Some brands are already sitting pretty. First Direct has long made it clear that it will never request personal information and log-in details via email, for example. For other brands, it may be too late to change strategy. But anyone relying on email files that contain a lot of POP addresses is affected by phishing, not just those individuals who had the misfortune to fall for the scam.

Latest from Marketing Week


Access Marketing Week’s wealth of insight, analysis and opinion that will help you do your job better.

Register and receive the best content from the only UK title 100% dedicated to serving marketers' needs.

We’ll ask you just a few questions about what you do and where you work. The more we know about our visitors, the better and more relevant content we can provide for them. And, yes, knowing our audience better helps us find commercial partners too. Don't worry, we won't share your information with other parties, unless you give us permission to do so.

Register now


Our award winning editorial team (PPA Digital Brand of the Year) ask the big questions about the biggest issues on everything from strategy through to execution to help you navigate the fast moving modern marketing landscape.


From the opportunities and challenges of emerging technology to the need for greater effectiveness, from the challenge of measurement to building a marketing team fit for the future, we are your guide.


Information, inspiration and advice from the marketing world and beyond that will help you develop as a marketer and as a leader.

Having problems?

Contact us on +44 (0)20 7292 3703 or email customerservices@marketingweek.com

If you are looking for our Jobs site, please click here