
When it comes to websites, designers, UX gurus and SEO experts have been telling us that visitors will apparently gain trust in the brand or the product being presented, in some cases, in as little as 50ms.

At that speed, it literally takes the blink of an eye for a user to work out whether they should continue with their activity online. The loading time of websites has been a clear factor too – if a site takes too long to load, users get bored or frustrated and give up. But can the same be said about email?

When it comes to emails, the content is much lighter than a full-blown website – generally, they aren’t image-heavy, scripts can’t run and usually everything is loaded from the same domain (or newsletter hosting engine). Slow third-party plugins don’t kick in either, so emails, even over a mobile connection, generally load instantly.

Now, phishing emails are, in some cases, even lighter in terms of load – some are just plain text (which, for a transactional or promotional email, is very rare these days) – and the ‘nicer’ ones still load pretty much instantly. So the factors of getting frustrated or bored don’t really exist with dodgy emails, but could the ‘blink of an eye’ human trust scan still work?

Our own assessments have shown that people can take as little as 3 seconds from receiving an email to acting on it – and that includes reading the ‘from’ name, reading the subject line and then clicking the link.

Do people online just do what they are told to do?

If a link says ‘click here’ – someone will click it.

On social media, putting “please RT” in a tweet will almost certainly result in more exposure through re-tweeting, and those Facebook images asking you to “please like and share”, which I’m sure we’ve all seen, do actually result in more likes and shares.

So for the scammers who put these emails together – it’s almost too easy. Just tell someone to click a link and they will. Could that really be true about phishing emails?

While some users are naturally more vigilant than others, many can’t resist clicking a link, especially when the message they receive sounds so desperate and important, which compounds that natural urge to find out more.

Some recent examples, spotted ‘in the wild’, include “Online Banking Access Being Blocked”, “Missed Payment Notifications” and “Important Actions in Your Account”.

Combine that desperation to see what’s happened with an email that looks pretty legitimate and your details could soon be with the scammers.

Is there any hope? What can users do? Should we really have to treat every email with a lack of trust because a few forged ones have caused so much trouble?

Potentially, yes – did you expect it? Does the email try to get you to complete an action, sometimes with a time limit attached? Is it asking you to ‘click here’ or ‘sign in’?

Ask yourself these questions each time you suspect something isn’t quite right. Perhaps try to verify by alternate methods (ring your bank, or log in to your account without clicking the link in the email), or take the safest bet – delete it, and for once, don’t do what you’re told.