Tag: email

By Adam Grant for The New York Times 

Whether you’re a devout practitioner of “inbox-zero” or a functional e-mail hoarder, you probably have some sort of professional philosophy on e-mail. But is there an optimal approach?

Yes, we’re all overwhelmed with email. One recent survey suggested that the average American’s inbox has 199 unread messages. But volume isn’t an excuse for not replying. Ignoring email is an act of incivility.

“I’m too busy to answer your email” really means “Your email is not a priority for me right now.” That’s a popular justification for neglecting your inbox: It’s full of other people’s priorities. But there’s a growing body of evidence that if you care about being good at your job, your inbox should be a priority.

When researchers compiled a huge database of the digital habits of teams at Microsoft, they found that the clearest warning sign of an ineffective manager was being slow to answer emails. Responding in a timely manner shows that you are conscientious — organized, dependable and hardworking. And that matters. In a comprehensive analysis of people in hundreds of occupations, conscientiousness was the single best personality predictor of job performance. (It turns out that people who are rude online tend to be rude offline, too.)

I’m not saying you have to answer every email. Your brain is not just sitting there waiting to be picked. If senders aren’t considerate enough to do their homework and ask a question you’re qualified to answer, you don’t owe them anything back.

How do you know if an email you’ve received — or even more important, one you’re considering writing — doesn’t deserve a response? After all, sending an inappropriate email can be as rude as ignoring a polite one.

I have a few general rules. You should not feel obliged to respond to strangers asking you to share their content on social media, introduce them to your more famous colleagues, spend hours advising them on something they’ve created or “jump on a call this afternoon.” If someone you barely know emails you a dozen times a month and is always asking you to do something for him, you can ignore those emails guilt-free.

Along these lines, the last time I made the mistake of admitting in this newspaper that I believe in being responsive to emails, I got a deluge of messages. One reader even wrote, “I just wanted to test you, to find out if it’s true.” So this time, let me be clear: I’m not writing this article as a personal note to your inbox, so it doesn’t require a personal reply to mine.

We all need to set boundaries. People shouldn’t be forced to answer endless emails outside work hours — which is why some companies have policies against checking emails on nights and weekends. Some people I know tell their colleagues they’ll be on email from 9 to 10 a.m. and 2 to 3 p.m. each day, but not in between. If it’s not an emergency, no one should expect you to respond right away.

Spending hours a day answering emails can stand in the way of getting other things done. One recent study shows that on days when managers face heavy email demands, they make less progress toward their goals and end up being less proactive in communicating their vision and setting expectations.

But that same study shows that email load takes a toll only if it’s not central to your job. And let’s face it: These days email is central to most jobs. What we really need to do is to make email something we think carefully about before sending, and therefore feel genuinely bad ignoring.

Whatever boundaries you choose, don’t abandon your inbox altogether. Not answering emails today is like refusing to take phone calls in the 1990s or ignoring letters in the 1950s. Email is not household clutter and you’re not Marie Kondo. Ping!

Your inbox isn’t just a list of other people’s tasks. It’s where other people help you do your job. It allows you to pose questions with a few keystrokes instead of spending the whole day on the phone, and it’s vital to gathering information that you can’t easily find in a Google search.

“My inbox is other people’s priorities” bothers me as a social scientist, but also as a human being. Your priorities should include other people and their priorities. It’s common courtesy to engage with people who are thoughtful in reaching out.

This isn’t just about doing unto others as you’d have them do unto you. Clearing out your inbox can jump-start your own productivity. One set of experiments showed that if you’re behind on a task, you’ll finish it faster if you’re busy, because you know you need to use your time efficiently. As a writer, I like to start the morning by answering a few emails — it helps me get into a productive rhythm of deep work. If you think you have too many emails, maybe you just don’t have enough.

Everyone occasionally misses an email. But if you’re habitually “too busy” to answer legitimate emails, there’s a problem with your process. It sends a signal that you’re disorganized — or that you just don’t care.

If you’re just hopelessly behind on your inbox, at least set up an auto-reply giving people another channel where they can reach you. A Slack channel. Twitter. A phone number. Post-it notes. Carrier pigeon.

Remember that a short reply is kinder and more professional than none at all. If you have too much on your plate, come clean: “I don’t have the bandwidth to add this.” If it’s not your expertise, just say so: “Sorry, this isn’t in my wheelhouse.” And if you want to say no, just say “no.”

We can all learn from the writer E.B. White, who, in response to a 1956 letter asking him to join a committee, responded with two short sentences. The first: a thank-you for the invitation. The second: “I must decline, for secret reasons.”

Researcher reveals Eskom data leak

By Charlie Osborne for Zero Day 

In what may be a case of “if we ignore it, it will go away,” South Africa’s largest electricity company has become the subject of the public exposure of customer data after ignoring researcher pleas to resolve the problem.

Eskom is South Africa’s state-owned electricity company which generates approximately 95 percent of the region’s electricity, as well as roughly 45 percent of all of the electricity used across the African continent.

On Tuesday, cybersecurity researcher Devin Stokes sent a public tweet to Eskom which appears inlaid with frustration at non-communicativeness from the electricity provider.

Stokes said, “You don’t respond to several disclosure emails, email from journalistic entities, or Twitter DMs, but how about a public tweet? This is going on for weeks here. You need to remove this data from the public view!”

The following image contains a screenshot of what appears to be customer and service-related data, including account IDs, start and end service dates, and meter information:

Several hours later, Stokes published a further screenshot with a live timestamp, commenting, “OK. It got worse.”

It appears that this database entry contained some of the financial data of a customer, including name, card type, a partial card number, and CVV, the three-digit security code which is required for purchases in-person or online.

According to the researcher, the electricity provider has left its billing software database exposed, lacking so much as a password.

The most recent customer estimates available, published in 2016, claim that Eskom accounts for roughly 5.7 million customers across South Africa. It is not known how many customers may have been involved in the reported breach.

However, this may not be the only security failure Eskom needs to grapple with — as one of the company’s own employees may have complicated matters further in their gaming enthusiasm.

In a screenshot posted by MalwareHunterTeam, another Twitter user warned Eskom of the existence of a Trojan on one of their networked, corporate machines. The user reported that the Trojan infected the machine through a fake SIMS 4 game installer.

The Twitter user, going under the handle “@sS55752750,” added that the offending employee is a “senior infrastructure advisor.”

While there has been no news on the exposed database, Eskom did thank the researcher who disclosed the Trojan’s existence, saying, “This has been investigated and the necessary actions have been taken. Thank you for bringing it to our attention.”

“Accidental breaches of this type further drive home the point that every company should have a formal process to accept vulnerability reports from external third parties,” Jon Bottarini, Lead Technical Program Manager for HackerOne told ZDNet in response to the news. “Exposing the vulnerability details on Twitter seems to have been the last-ditch attempt on behalf of the security researcher to try and get in contact with someone who can resolve the issue.”

Eskom told ZDNet that the company is “conducting investigations to determine whether sensitive Eskom information was compromised as a result of this incident,” but will not comment further until the investigation has been concluded.

Source: MyBroadband

MWEB and Absa clients have been targeted in a new e-mail phishing attack, where they are asked to open an attachment aimed at stealing their private information.

The email asks users to open an HTML attachment, which in turn opens a form in a browser which steals the victim’s personal details.

In the past, executable keyloggers were attached to emails to steal account information from victims.

However, most security services now block users from opening an attached executable file, as most of these files are malicious.

Scammers are now using HTML pages as attachments, where users are asked to provide their personal details in what appears to be a legitimate website.

In these scams, users are encouraged to open the attached email file, which opens in a browser and requests their username and password for a service.

This information is then sent to the criminal’s email address using a basic PHP script.

MWEB and Absa scam email
This is the method used in the latest email scam which is targeting MWEB and Absa clients.

The email, which claims to come from MWEB – but is sent from “info@mailsynk.co.za” – tells users that their “invoices and/or receipts and statement that you requested attached to this email”.

The attachment is the phishing page, which in this case uses the domain “jehovalchristofficeinternatona.co.za” to host the scripts.

Without looking at the HTML code, there are many warning signs that this is a scam email:

  • The email does not come from MWEB or Absa. It should be noted that an email which comes from an @mweb.co.za or @absa.co.za does not automatically mean it is authentic.
  • The email is poorly structured and contains poor grammar.
  • There is no personalisation in the email, with a user’s name or account details.
  • It mentions a PDF file, but the attachment is a .htm file.
  • Users are asked to provide their personal details to view a file – a clear sign it is a phishing attack.

By Vicky Sidler for MyBroadband / Nick Saunders at Mimecast

When I say the word “bat”, what image comes to mind? A flying mammal? A cricket bat?

In English, they call this a “homograph”: when two or more words are spelled the same but don’t have the same meanings or origins.

In cyber-security, a homograph is a lot more sinister. It’s a term given to a type of impersonation attack where an email address or website URL looks legitimate but isn’t. It’s designed to trick people into clicking on malicious links or to fool them into transferring money or sharing sensitive information.

Recent research by Vanson Bourne and Mimecast found that more than 85% of respondents had seen impersonation fraud in the past 12 months, and 40% had seen an increase in this type of attack in the same period. In South Africa, 36% of respondents had seen an increase in impersonation fraud asking to make wire transactions, and 37% had seen an increase in impersonation fraud asking for confidential data.

Despite this growth, many organisations do not have a cyber resilience strategy in place to help them detect, prevent and recover from these types of attacks.

Easy to execute, hard to detect
Homograph attacks are difficult to detect – by both the user and regular email security systems.

To create these lookalike domains, attackers use non-Western character sets or special characters found in Greek, Cyrillic and Chinese, to display letters which, to the naked eye, look identical to the western alphabet. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. According to one domain name checker, there are 117 possible Mimecast domains that can be misrepresented with just one character from a non-English alphabet.

These subtle changes are likely to go unnoticed by users. In South Africa, 31% of respondents were not confident that employees could spot and defend against impersonation attacks, which easily and often slip through an organisation’s security systems.

Some 21% of South African respondents were not confident that their organisation’s security defences could defend against impersonation fraud asking for confidential information, rising to 25% for fraud asking to make wire transactions – in line with global trends.

This is because the emails themselves don’t contain malware and the URLs often have legitimate (read: stolen) security certificates.

Is it me you’re looking for?
Website URLs aren’t the only avenues for impersonation attacks; email address impersonation is also on the rise.

These types of attacks are designed to trick users such as finance managers, executive assistants and HR representatives into transferring money or disclosing information that can be monetised by cybercriminals. The email appears to come from someone they trust – a C-suite executive or a third-party supplier that they regularly do business with – and therefore wouldn’t think twice about responding to.

South Africans reported that, in the past 12 months, cybercriminals have attempted to impersonate finance teams (24%), third-party vendors (20%), a member of the C-suite (7%), as well as HR, sales, operations, legal and marketing team members (between 5% and 8%).

Again, these emails do not contain malware, which means they can go undetected by most email security systems. Social engineering attacks such as these rely on our inability to spot anomalies in URLs and email addresses – and the fact that we believe we’re communicating with someone we know.

Know what to do
Cybercriminals have figured out that they can bypass security systems by switching from malware-laden attacks to malware-less impersonation attacks. Now, social engineering meets technical means to put us in the middle of the next evolution of cyber-attacks.

Here are some measures organisations can implement to guard against these types of attacks:

  1. Education – when users know how social engineering and spoofing attacks work and then understand they shouldn’t click on links in emails, breach incidents can be drastically reduced. Users should be encouraged to physically type an address into a browser rather than click on a link in an email, even if it was supposedly sent by someone they know and trust. Education and awareness will always be the most important defence mechanisms.
  2. Protection – email security systems are getting better at stopping malware which enter the network through dodgy files and attachments, but few are effective against impersonation attacks. Organisations need a solution that can deep-scan all inbound emails and inspect for header anomalies, domain similarity, sender spoofing and the existence of keywords and suspicious impersonation emails. These can then be blocked, quarantined, or delivered as flagged to alert the receiver of potential risk.
  3. Resilience – having the right threat protection in place is just one part of a robust cyber resilience strategy. Organisations also need to be able to adapt their strategies to stay ahead of attacks, while having the durability to continue with business as usual in the event of an attack, and the recoverability to ensure data and emails are always accessible.
  4. Oversight – often, lax security on a third-party supplier’s side provides an entry point into an organisation’s network. Enterprises should continuously evaluate and manage the security and privacy policies of their suppliers and include security in their service level agreements. They should also perform on-site security assessments with new suppliers before sharing sensitive information.
  5. Visibility – organisations need to know who their vendors are and who has access to company information, and for what reasons. This is even more important now that the EU’s General Data Protection Regulation has come into force and will affect all South African organisations when the Protection of Personal Information Act is finalised.

Thirty-seven percent of South African organisations have suffered data loss because of email-based impersonation attacks in past 12 months. These organisations also reported reputational damage (34%), loss of customers (29%), direct financial loss (17%) and lost market position (19%).

Email continues to be the number one threat to organisations globally and accounts for 96% of all incidents that organisations face.

Clearly, there is an urgent need to work towards a higher standard of email security. Cyber-criminals have evolved their attack methods. It’s time the security strategies organisations use to protect their users and their businesses evolve as well.

By Adiel Ismail for Fin24 

Goliath and Goliath CEO Kate Goliath is encouraging small businesses to ramp up security measures after her comedy and entertainment agency fell victim to invoice intercepting as a result of e-mail hacking.

Goliath and Goliath is out of pocket to the tune of more than R300 000, while its subsidiary The PR Bailiff has been scammed out of R20 000.

The hackers gained access to the company’s emails and requested clients to make payments to a different bank account.

Goliath told Fin24 that small businesses shouldn’t just rely on tech companies to educate them about cybercrime.”Find out as much information about how hackers get into the systems so that you are aware of what service providers need to offer,” she said.

“Be vigilant. Protect your business and insure the technical side of your business as well.”

The company opened a case with the police and is in the process of sending a subpoena to the bank where the funds have been deposited.

Afrihost said it will work with the police to further investigate the incident. “We strongly believe this was a case of phishing,” a representative told Fin24.

Entertainment and media high risk for cybercrime

“We have noticed that some banks are posting warnings before a client makes a payment to verify that the bank details they’re using are correct. We assume that this is because of an increase in these types of phishing attacks.”

Cyber incidents rank top in the entertainment and media, financial services, technology and telecommunications industries, according to the Allianz Risk Barometer 2018.

The report revealed that cyber incidents remain a top threat with 38% of responses for South African businesses, which is reported to lose billions of rands a year to cyber attacks.

The three Goliaths – Jason, Donovan and Nicholas – do stand-up comedy and entertains at workshops, conferences, award ceremonies and events.

Craig Rosewarne, Managing Director at Wolfpack Information Risk, which is a threat intelligence firm that specialises in understanding and predicting cyber threats, said small and medium businesses are just as vulnerable as big businesses when it comes to hacking.

“Their challenge however is that security is often the last thought until they get stung and end up either losing a substantial amount of money or leaking their customer’s sensitive data,” he told Fin24.

Wolfpack has assisted many small and medium sized businesses whose invoices have been hacked, said Roseware. In this regard it has found three common causes:

1. Attackers will perform reconnaissance on key individuals in IT / Finance / Execs and send a targeted spear phishing email to target their machines for access or further information

2. Spyware is loaded on their devices that record keystrokes and take screenshots for the attacker

3. Compromising their online hosting / email platform and adding in rules for any email that has the word “invoice” or “payment” – to send a duplicate email to the attacker’s gmail or “burner” account.

Tips for companies

Roseware suggested that companies under attack should conduct an independent risk assessment and obtain guidance on how to mitigate risk.

“Employees should also be made aware of risks and this should be backed up with an information security policy signed by staff and contractors.”

He also stressed the importance of having up to date anti-malware software on all devices that process sensitive information.

Cyber risk is fast becoming the number one risk facing countries, governments and organisations, noted Roseware.

“In all of these scenarios it often boils down to an individual that gets compromised so cyber awareness is key in both your business and personal lives.”

How to keep on top of your e-mails

They are one of the biggest distractions of office life, pinging into your inbox every few minutes.

But ignoring your emails, even if you get hundreds a day, is not the best way to be more productive.
Checking just a few times at work has the opposite effect, a review by Kingston University has found, and will probably just make you more stressed.

Ignoring your emails, even if you get hundreds a day, is not the best way to be more productive. Checking just a few times at work has the opposite effect, a review by Kingston University has found, and will probably just make you more stressed, even if you get hundreds a day, is not the best way to be more productive.

Checking just a few times at work has the opposite effect, a review by Kingston University has found, and will probably just make you more stressed.

The four steps

1) Delete or file away emails whenever you check  your inbox – by reducing inbox clutter, people report feeling less overloaded.

2) Switch off email alerts – interruptions can have a negative impact on our efficiency, but make sure that you are still logging on every 45 minutes or so – to stay on top.

3) Use the ‘delay send’ function when sending email out of hours – this means recipients only receive their email during normal working hours. While you are taking advantage of the flexibility of email, you aren’t imposing this on the recipient.

4) Review your personal email strategies – are your emails purposeful and efficient or are they habitual and reactionary? The best advice is apparently to log on every 45 minutes to stay on top of new emails and work priorities.

The review’s author, Dr Emma Russell, Head of the Wellbeing at Work Research Group at Kingston Business School, says: “People use email to help them get their jobs done. Most people say they couldn’t imagine being able to do their work effectively without it, and very few send non-work critical email during their working day.”

The review highlights three popular myths which are not backed up by the academic evidence.

Email myths
The review highlights three popular myths which are not backed up by the academic evidence.
The first is that emails are a ‘time-wasting distraction from “real” work’, while in fact recent studies show up to 92 per cent of emails received are critical to people’s jobs.

Another is that we should limit ourselves to checking email a few times a day, such as in the morning, at lunchtime and before leaving work, which in fact makes people feel less in control.

The third myth is that emails stop us getting on well with other people, because of ‘back-covering’ messages, for example, cc’ing in colleagues who people want to implicate in mistakes.

However studies show the cc’ing culture of copying people into emails in facts forges rewarding relationships by keeping workmates informed and in the loop.

Dr Russell wrote: ‘The same participants also reported that processing more email resulted in greater perceived coping – actually dealing with email and keeping on top of it helped workers to feel in control.”

The study was commissioned by Acas, the mediation service which also provides workplace training.

By Victoria Allen for The Daily Mail

Ropemaker: a new email security weakness

Most people live under the assumption that email is immutable once delivered, like a physical letter. A new email exploit, dubbed ROPEMAKER by Mimecast’s research team, turns that assumption on its head, undermining the security and non-repudiation of email; even for those that use SMIME or PGP for signing.

Using the ROPEMAKER exploit a malicious actor can change the displayed content in an email at will. For example, a malicious actor could swap a benign URL with a malicious one in an email already delivered to your inbox, turn simple text into a malicious URL, or edit any text in the body of an email whenever they want. All of this can be done without direct access to the inbox.

Described in more detail in a recently published security advisory, Mimecast has been able to add a defense against this exploit for our customers and also provide security recommendations that can be considered by non-customers to safeguard their email from this email exploit.

So what is ROPEMAKER?

The origin of ROPEMAKER lies at the intersection of email and Web technologies, more specifically Cascading Style Sheets (CSS) used with HTML. While the use of these Web technologies has made email more visually attractive and dynamic relative to its purely text-based predecessor, this has also introduced an exploitable attack vector for email.

Clearly, giving attackers remote control over any aspect of ones’ applications or infrastructure is a bad thing. As is described in more depth in the ROPEMAKER Security Advisory, this remote-control-ability could enable bad actors to direct unwitting users to malicious Web sites or cause other harmful consequences using a technique that could bypass common security controls and fool even the most security savvy users. ROPEMAKER could be leveraged in ways that are limited only by the creativity of the threat actors, which experience tells us, is often unlimited.

Changing this:

Into this, post-delivery (without having direct access to the user’s desktop):

To date, Mimecast has not seen ROPEMAKER exploited in the wild. We have, however, shown it to work on most popular email clients and online email services. Given that Mimecast currently serves more than 27K organizations and relays billions of emails monthly, if these types of exploits were being widely used it is very likely that Mimecast would see them. However, this is no guarantee that cybercriminals aren’t currently taking advantage of ROPEMAKER in very targeted attacks.

For details on email clients that we tested that are and are not exploitable by ROPEMAKER and the specifics on a security setting recommended by Apple for Apple Mail, please see the ROPEMAKER Security Advisory.

Is ROPEMAKER a software vulnerability, a form of potential application abuse/exploit, or a fundamental design flaw resulting from the intersection of Web technologies and email? Does it really matter which it is? For sure attackers don’t care why a system can be exploited, only that it can be. If you agree that the potential of an email being changeable post-delivery under the control of a malicious actor increases the probability of a successful email-borne attack, the issue simplifies itself. Experience tells us that cybercriminals are always looking for the next email attack technique to use. As an industry let’s work together to reduce the likelihood that the ROPEMAKER style of exploits gains any traction with cybercriminals!

by Matthew Gardiner for Mimecast

 

Words matter. People may not read everything, but they do scan. And they process information subconsciously at lightning speeds to determine if they’ll click or bounce within a few fractions of a second.
While some words (like “Submit” on your button) may seem innocent enough, they could be costing you dearly, turning away visitors in droves.

Here’s why, along with a few other conversion-sabotaging words you need to replace in your e-mails, ads, and landing pages ASAP.

‘Submit’
“Submit” is a derivation of submission. And therein lies the problem. There’s a negative connotation with yielding to someone or something superior. People, as a general rule, don’t like yielding.
This was proven definitively years and years ago by Dan Zarella and HubSpot. They took a look at the conversion rates of over 40 000 customer landing pages and quickly noticed a huge discrepancy.
When call to action (CTA) buttons included the word “submit,” conversion rates tended to drop immediately by a few percentage points.
Use words like “click here” or “go” instead.

‘Synergy’
What’s the fastest way to learn terrible copywriting? Get an MBA.
Because in just a few short weeks, you’ll find yourself spewing out “synergy,” “competencies,” and a host of other clichéd, meaningless words that have old professors nodding their heads in approval.
As evidence, go visit almost any B2B website outside of marketing and advertising. Your eyes will glaze over, your face will contort, and a sudden bout of narcolepsy might hit at any moment.
Many times, clients and bosses don’t notice anything wrong at first either. The problem with “best in class” and all other common business jargon (besides the fact that it also appears on every competitor’s Web site) is that customers can detect that the company is talking nonsense.
Research shows that people prefer things that are easy to think about to those that are hard. Generally, the level of reading comprehension is low. People aren’t focusing or reading online; they’re scanning and multitasking and browsing and tweeting while looking at your page.
Rewrite anything with the faintest resemblance to what you learned in school.

‘Spam’
Consumers are bombarded with hundreds of “greymail” e-mails each day. Trillions are being sent by marketers each year. So you’d think, logically speaking, that assuring visitors you won’t spam them would help conversions. Unfortunately that’s not the case. “Spam” is a huge stop word — or no no — that causes
people to become apprehensive and hesitate.
A test carried out by Michael Aargaard showed the surprising ramifications. He added the seemingly harmless line of “100% privacy — we will never spam you” in between the form fields and submission button.
Typically, these extra credibility indicators surrounding a CTA can help to give conversions a nice little boost. But not in this case, and it backfired by over 18%.
Try assurances like “Your information will not be shared.”
Avoid words with a negative connotation (as we saw with “submit”) in general, and use additional messaging to reinforce the positive aspects of what someone is about to get.

‘We’
“We” opens a door. It’s like the gateway drug of bad copywriting. One small hit, and you’re quickly off to dabbling with bigger, badder things.
While it might seem harmless at the time, “we” puts you on a path to jonesing for a fix of “synergy” and “best in class” in no time.
But keep in mind, that as a general rule, people don’t care about you. Instead, they want a “better version of themselves.”
This is especially so for all those visiting your site at the top of the funnel, who haven’t realized a need for your product or service yet. They’re Googling solutions for drilling a hole in their wall so they can hang a picture… they’re not looking for a drill (just yet).
That means the focus of messaging should be centered around a problem and solution, not a tool, product or service.
Instead of “we” begin with “you” or don’t use a pronoun at all (like a question or a command/call to action).

‘Your’
The copy on most web sites is written in the second person. And that’s a good thing! Copywriters are taught to use “you” instead of “they” when explaining the benefits derive from the latest product or service.
However, there are exceptions. When focusing on a CTA or specific conversion event, the “possessive determiner” should switch back to first person.
Another test from Michael Aagaard proves the point. Michael initially thought that “your” in the CTA button copy would work best. But he found an almost a 25% difference, just by switching a single word – from “your free trial” to “my free trial”.
Switching to “my” gives people ownership of the benefit they’re about to receive.

‘Free’
You’d think, on the surface, that “free” increases conversions. And it does in most cases. The last example a few seconds ago used a “free trial” to generate more interest (and clicks). But there are exceptions.
The first (albeit tiny) issue is that the word “free” can trip up spam filters in email messaging. The second, bigger problem though is a curious case of over-optimisation. The problem is that more conversions isn’t always better. A Totango study showed that 70% of the people who sign up for free trials are useless, with
only around 20% of those actively evaluating the product.
So while the word “free” can (and will) increase initial conversions, you should be optimising for sales and revenue — not vanity metrics like leads or impressive (but hollow) conversion rates.

‘Save time and money’
So far we’ve seen that vague, meaningless, overly generic phrases are bad for conversions. The culmination of them all — the cherry on top and the pièce de résistance — is “save time and money”.
This phrase breaks one of the very first rules of copywriting that says you should write to a particular audience.
Roll up your sleeves and dig a little deeper into who you’re speaking to, and what they value most.
The key is to ferret out those few ingredients that make your offering awesome & unique, which both audiences value. You want the stuff that overlaps, which will help you create a specific value proposition that reinforces your primary aim (of driving conversions), while avoiding the same generic message showing up on each of your competitor’s Web sites.

Souce: WordStream

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top