Daniel Burstein

Email Marketing: Why phishing emails (unfortunately) work … and what marketers can learn from them

August 8th, 2018

I was riding in the car with my wife’s uncle. And when he found out that email marketing was one of the things I work on, he said, “Oh, so you send spam. I hate spam!”

It goes without saying, spam is bad marketing and I don’t support it. As I’ve written before, email marketing is just a means to an end. And the end should be helping a person.

I bring this up because we’re going to a pretty dark place today: Phishing emails.

Let me be clear. Phishing emails aren’t marketing. They are a flat-out scam. The role of marketing is to help a customer perceive the value and cost of products in a world of choice to — ultimately — make the best choice for them. Phishing emails are just plain thievery.

While phishing emails don’t ultimately deliver value, they do communicate value. Not to everyone, but to a specific audience. And that is why some people act on them.

So let’s see what legitimate marketers can learn from them. Let’s not be close-minded because their intentions are wrong. After all, for the marketer who seeks to grow his personal capacity, there are lessons everywhere. So here are some email marketing insights from email marketing scams.

What is a phishing email?

Earlier in my career, I worked in the IT security space for a bit, and I learned that the weakest link in security isn’t that encryption could be hacked.

It’s you. And me.

And that’s what phishing is, essentially. Instead of trying some complex technological way to steal, phishers just get people to act of their own volition. It’s a form of social engineering. They use bait to catch a victim, and the visceral way it is named always reminds me of this scene from “Wayne’s World.”


You can see 15 examples of phishing emails here, and I’ve included a few of the most common types below.


Like most companies, we get phishing emails all the time. Our Senior Systems Manager, Steve Beger, recently sent a note to all employees updating them on tactics to watch out for, and he included a line that caught our attention: “These folks must have passed their Email Messaging course.” And that was the nexus for this article.

Let’s look at these phishing emails through the lens of one lesson taught in the course — relevance, importance and urgency.

Relevance to the consumer

Relevance is the degree to which an offer is connected to the recipient’s situational motivations.

Much like marketers, there are some phishers who just batch and blast, and some who truly target their emails.

Unlike spam emails, which can seem ridiculous to all but the least skeptical among us (see James Veitch explain what happens when you reply to a spam email that says “Hello James Veitch, I have an interesting business proposal I want to share with you, Solomon.”), phishing emails are more plausible specifically because they are more relevant.

The batch-and-blast crew sends out an email about your Wells Fargo account, for example. Now, you might not have a Wells Fargo account, but a lot of people do. The scammers don’t care which emails miss their mark, or about their sender reputation, but you can learn from their focus on relevance.

Some scammers get much more personalized. They research you and the company, and will, for example, send a personal-seeming note from your CEO asking for gift cards or a money transfer. That is extremely relevant.

“The most effective type of spear-phishing attack utilizes research to better understand their target beforehand, allowing the scammer to exploit previous relationships,” said Jonathon Yates, Market Intelligence and Optimization Manager, MECLABS Institute (MECLABS is the parent research organization of MarketingSherpa). Of course, marketers should be researching their customers as well, but to serve them, not exploit them.

This research allows scammers to utilize an exclusive (seeming) message. “Exclusivity helps overcome people’s natural suspicion,” Yates said.

Marketers can use a similar tactic, in an honest way of course. Yates gave an example, “We recently saw this result in a test we ran for a Research Partner, where our initial test ran a shorter email copy against a longer control and increased open rate (OR) by 2.59%, clickthrough rate (CTR) by 22.21% and conversion rate (CR) 10.44%. We then ran the same short email against the control with a subject line that further emphasized the exclusivity (Sneak Peak: View Our 2019 Membership benefits) and got even better results increases (20.04% OR, 32.9% CTR and 114.05% CR).”

It’s not just the relevance of the “offer,” it’s also the fact that the email can come in the form of a personal appeal. “People have a preference to communicate with real people,” Yates says.

Email is, after all, a communication mechanism. Don’t just view it as a marketing channel. Unlike, say, a banner ad or a TV commercial, people use email every day to communicate with real people, not just to consume commercial messages.

“Try to appeal to someone from a known contact or at least a genuine, named contact. Addressing prospects from a named email address can help make a message seem more genuine [than just a general branded ‘from’ field],” advised Yates.

“We recently ran a test where we simply changed the email to be sent from a named person’s email address and drove a 53.52% increase in open rate.”


Importance is the degree to which an offer is essential to a recipient’s livelihood.

Phishing emails always give a good “why” for the action they want you to take. And this is something marketers can learn from, because that “why” is never about their own goals (i.e., stealing your money); it’s firmly about your goals.

Like, your account is going to be canceled within 24 hours if you don’t act, you owe money to the IRS, or “I’m your CEO, and I’m asking you to do something.”

In addition, that “why” often comes in the form of an appeal from authority to make the recipient feel like the email is more important.

“As a marketer, this should be done sparingly and only in an honest way, but it can be effective around getting people’s attention in regard to account or membership renewals,” Yates said.

Unlike with a phishing email sent by scammers, most recipients won’t assume that your company’s CEO is actually sending them a personal email. However, unlike an email that looks like a traditional visual postcard, they may conclude that the message was important enough for the CEO to at least review it and allow their name to be used.


Urgency is the degree of immediacy associated with an offer imposed by either the recipient’s situation or the nature of the offer itself.

People are busy. Unless you give them an understanding of why acting soon is in their best interest, they often won’t. And the longer it takes them to act, the less likely they will eventually act on your conversion goal.

“Setting a time limit that implies either the loss of an exclusive benefit/incentive or, conversely, the imposition of a negative consequence, can drive increased engagement — and is used by scammers to bypass some of our natural suspicion,” Yates said.

“Marketers can use a similar technique to increase open rates, click through rates and ultimately conversions. Unlike scammers though, the importance is to be honest and make sure that you carry through the genuine urgency message from subject line to email to landing page,” he advised.

Customer-first email marketing

Of course, the biggest lesson we can take from phishing email scammers is what not to do. They have a massive blind spot of self-interest, which causes them to cross lines of morality that society holds dear.

But let’s not kid ourselves, marketers. We have our own self-interest as well. And while not as morally deficient, it can also blind us. For example, after you read this article, it would be in my best interest if you click on the first link in the Related Resources section at the bottom of this article and take our email messaging course.

However, I haven’t made this entire article a sales pitch for that course (I hope). I tried to lead with value, giving you ideas to improve your job performance while maybe avoiding scams to boot.

And that can sometimes be our biggest challenge of all. For a legitimate business, email is a permission-based medium. You can often squeeze out a few more conversions from an email in the short term by burning the customer.

But when you lead with value — when you put the customers’ needs before your own — then you have earned that permission. You start to build a trusting relationship with the customer. And ultimately, you create a sustainable email marketing practice within your business that you can be proud to call your own.

You might also like …

MECLABS Institute Email Messaging online certification course – Learn proven methodologies based on years of research

The Hidden Side of Email Marketing: The once-and-done option, A/B testing and a supersmart kind of dumb

Email Marketing: Inactive lists and deliverability



About Daniel Burstein

Daniel Burstein, Senior Director of Editorial Content, MECLABS. Daniel oversees all content and marketing coming from the MarketingExperiments and MarketingSherpa brands while helping to shape the editorial direction for MECLABS – digging for actionable information while serving as an advocate for the audience. Daniel is also a speaker and moderator at live events and on webinars. Previously, he was the main writer powering MarketingExperiments publishing engine – from Web clinics to Research Journals to the blog. Prior to joining the team, Daniel was Vice President of MindPulse Communications – a boutique communications consultancy specializing in IT clients such as IBM, VMware, and BEA Systems. Daniel has 18 years of experience in copywriting, editing, internal communications, sales enablement and field marketing communications.
