Will the 2020s be online advertising’s holistic decade?

With less than two months left in the decade, advertising is again entering a new phase of rapid expansion with customer experience front and center.

The explosion of data and identity management, combined with technical advancements in real-time signal detection and machine learning, present new opportunities to respond to consumers, but mastering this ability enables marketers to create “magic moments” — instances of hyper-relevant content, delivered at the perfect time and place. 

We’ll see evolutions on the back end in terms of delivery and measurement — as well as on the consumer-facing end — through new creative deployments that enhance the brick-and-mortar shopping trip. Marketers will be held to a higher standard, both by clients demanding world-class performance and proof, as well as consumers who want relevancy, helpfulness and privacy from their brand relationships. 

Achieving this balance won’t be an easy task, but the most progressive marketers will succeed in driving this industry toward a more customer-centric future because they took steps to evolve before it was too late. With that in mind, here are five ways we expect advertising to become more holistic in the 2020s: 

Smart data will take priority over big data

Most marketers have heard the adage, “garbage in, garbage out.” For too long, the industry relied on sheer quantity of data with no quality metrics for making key audience assumptions. This mentality has had a detrimental effect on our industry, creating an ecosystem where people simply hate ads and brands focus on viewability over ROI.

To truly understand our audiences, we must first turn data from multi-channel interactions into smart, actionable insights. This involves not only understanding who the customer is, but what motivates them. 

Progressive marketers will continue to invest heavily in identity graphs to tie critical data and behaviors to individual profiles across channels. Using data science and machine learning, marketers will then be able to advance their knowledge about consumers to new levels, employing new messaging tactics based not only on value, but also on what inspires action. Key nuances, like distinguishing a deal-seeker from a value-seeker, will lead to more engaging personalized experiences and ultimately better ROI for advertisers.

We’ll see a flurry of investment in real-time engagement

We live in a world where our technology predicts where we are going, what we are seeking and how long it will take to get there by recognizing our patterns and everyday behaviors. The benefits in terms of convenience and knowledge are addictive. Look no further than email, social and Alexa to see how real-time awareness and time savings from these interactions impact our everyday lives.  

For marketers, capturing this lightning in a bottle has always been elusive — until now. The rise of real-time advertising, customer data platforms (CDPs), data science and machine learning have created the ability to detect purchases as well as online and real world location signals in real-time. This enables marketers to not only predict the next shopping trip, but what a consumer is likely to buy, when it matters most.

These sense-and-respond capabilities will enable progressive marketers to create experiences of enormous value at the moments that matter, such as triggering an offer of relevance upon entering a store or delivering a tailored experience at a specific time and location. The new decade will bring about massive investments into these technologies given their immediate ability to influence consumers during the actual purchase process. We’ll see budgets being specifically carved out to support real-time advertising and technologies as marketers optimize and convert users with greater effectiveness.  

For consumers, it means that the in-store experience will continue to become more interactive, with mobile devices as the connecting point between e-commerce and brick and mortar. Brands that thrive in this environment will win by delivering meaningful creative that connects both online and offline worlds in a helpful and relevant way.

Cutting-edge tech will create new ad experiences

TriNet sent remote workers an email that some thought was a phishing attack

It was the one of the best phishing emails we’ve seen… that wasn’t.

Phishing remains one of the most popular attack choices for scammers. Phishing emails are designed to impersonate companies or executives to trick users into turning over sensitive information, typically usernames and passwords, so that scammers can log into online services and steal money or data. But detecting and preventing phishing isn’t just a user problem — it’s a corporate problem too, especially when companies don’t take basic cybersecurity precautions and best practices to hinder scammers from ever getting into a user’s inbox.

Enter TriNet, a human resources giant, which this week became the poster child for how how to make a genuine email to its customers look inadvertently as suspicious as it gets.

Remote employees at companies across the U.S. who rely on TriNet for access to outsourced human resources, like their healthcare benefits and workplace policies, were sent an email this week as part of an effort to keep employees “informed and up-to-date on the labor and employment laws that affect you.”

Workers at one Los Angeles-based health startup that manages its employee benefits through TriNet all got the email at the same time. But one employee wasn’t convinced it was a real email, and forwarded it — and its source code — to TechCrunch.

TriNet is one of the largest outsourced human resources providers in the United States, primarily for small-to-medium-sized businesses that may not have the funding to hire dedicated human resources staff. And this time of year is critical for companies that rely on TriNet, since health insurance plans are entering open enrollment and tax season is only a few weeks away. With benefit changes to consider, it’s not unusual for employees to receive a rash of TriNet-related emails towards the end of the year.

But this email didn’t look right. In fact when we looked under the hood of the email, everything about it looked suspicious.

This is the email that remote workers received. TriNet said the use of an Imgur-hosted image in the email was “mistakenly” used. (Image: TechCrunch/supplied)

We looked at the source code of the email, including its headers. These email headers are like an envelope — they say where an email came from, who it’s addressed to, how it was routed, and if there were any complications along the way, such as being marked as spam.

There were more red flags than we could count.

Chief among the issues were that the TriNet logo in the email was hosted on Imgur, a free image-hosting and meme-sharing site, and not the company’s own website. That’s a common technique among phishing attackers — they use Imgur to host images they use in their spam emails to avoid detection. Since the image was uploaded in July, that logo was viewed more than 70,000 times until we reached out to TriNet, which removed the image, suggesting thousands of TriNet customers had received one of these emails. And, although the email contained a link to a TriNet website, the page that loaded had an entirely different domain with nothing on it to suggest it was a real TriNet-authorized site besides a logo, which if it were a phishing site could’ve been easily spoofed.

Fearing that somehow scammers had sent out a phishing email to potentially thousands of TriNet customers, we reached out to security researcher John Wethington, founder of security firm Condition:Black, to examine the email.

It turns out he was just as convinced as us that the email may have been fake.

“As hackers and self-proclaimed social engineers, we often think that spotting a phishing email is ‘easy’,” said Wethington. “The truth is it’s hard.”

“When we first examined the email every alarm bell was going off. The deeper we dug into it the more confusing things became. We looked at the domain name records, the site’s source code, and even the webpage hashes,” he said.

There was nothing, he said, that gave us “100% confidence” that the site was genuine until we contacted TriNet.

TriNet spokesperson Renee Brotherton confirmed to TechCrunch that the email campaign was legitimate, and that it uses the third-party site “for our compliance ePoster service offering. She added: “The Imgur image you reference is an image of the TriNet logo that Poster Elite mistakenly pointed to and it has since been removed.”

“The email you referenced was sent to all employees who do not go into an employer’s physical workspace to ensure their access to required notices,” said TriNet’s spokesperson.

When reached, Poster Elite also confirmed the email was legitimate.

This is not a phishing site, but it sure looks like one. (Image: TechCrunch)

How did TriNet get this so wrong? This culmination of errors had some who received the email worried that their information might have been breached.

“When companies communicate with customers in ways that are similar to the way scammers communicate, it can weaken their customer’s ability over time to spot and shut down security threats in future communications,” said Rachel Tobac, a hacker, social engineer, and founder of SocialProof Security.

Tobac pointed to two examples of where TriNet got it wrong. First, it’s easy for hackers to send spoofed emails to TriNet’s workers because TriNet’s DMARC policy on its domain name is not enforced.

Second, the inconsistent use of domain names is confusing for the user. TriNet confirmed that it pointed the link in the email — posters.trinet.com — to eposterservice.com, which hosts the company’s compliance posters for remote workers. TriNet thought that forwarding the domain would suffice, but instead we thought someone had hijacked TriNet’s domain name settings — a type of attack that’s on the increase, though primarily carried out by state actors. TriNet is a huge target — it stores workers’ benefits, pay details, tax information and more. We had assumed the worst.

“This is similar to an issue we see with banking fraud phone communications,” said Tobac. “Spammers call bank customers, spoof the bank’s number, and pose as the bank to get customers to give account details to ‘verify their account’ before ‘hearing about the fraud the bank noticed on their account — which, of course, is an attack,” she said.

“This is surprisingly exactly what the legitimate phone call sounds like when the bank is truly calling to verify fraudulent transactions,” Tobac said.

Wethington noted that other suspicious indicators were all techniques used by scammers in phishing attacks. The posters.trinet.com subdomain used in the email was only set up a few weeks ago, and the eposterservice.com domain it pointed to used an HTTPS certificate that wasn’t associated with either TriNet or Poster Elite.

These all point to one overarching problem. TriNet may have sent out a legitimate email but everything about it looked problematic.

On one hand, being vigilant about incoming emails is a good thing. And while it’s a cat-and-mouse game to evade phishing attacks, there are things that companies can do to proactively protect themselves and their customers from scams and phishing attacks. And yet TriNet failed in almost every way by opening itself up to attacks by not employing these basic security measures.

“It’s hard to distinguish the good from the bad even with proper training, and when in doubt I recommend you throw it out,” said Wethington.

Helping banks refine sales pitches and customer service, Minneapolis-based Total Expert raises $52 million

It’s no secret that the art of customer service in the modern era is something that banks desperately need help with.

One of the reasons why challenger banks have been able to find acceptance, new customers and — well — the ability to challenge existing banking companies is the mistreatment customers receive from their existing money holders.

That’s why tools designed to help marketing and customer engagement are a big business and why the Minneapolis-based Total Expert has been able to raise $52 million in its latest round of financing.

The new round brings the company’s total haul to $86 million thanks to capital investments from Georgian Partners, Emergence, and Rally Ventures (all veteran software as a service investors).

“We are incredibly excited about Total Expert’s approach to building trust and maximizing the long-term value of relationships between consumers and lenders,” said Simon Chong, managing partner and co-founder of Georgian Partners, in a statement. “The future of consumer finance is engaging across all product and customer needs during their financial life, and Total Expert is the category leader powering this humanized automation and compliance at scale.”

The company said it will use the money to expand on its 218 person team — especially hiring additional data scientists and designers. The company also said it would accelerate the development of new automation tools to help small banks and credit unions compete.

“The future of financial services belongs to firms that combine human interaction with technology in a way that creates higher quality and more relevant experiences throughout the entire customer journey,” said Joe Welu, Total Expert’s chief executive officer. “Every interaction a consumer has with a financial services brand either erodes trust or builds trust, and legacy technology makes it difficult to deliver on the expectations of the modern consumer. Our mission is to ensure that banks and lenders create customers for life by delivering on these expectations”

Veteran enterprise exec Bob Stutz is heading back to SAP

Bob Stutz has had a storied career with enterprise software companies including stints at Siebel Systems, SAP, Microsoft and Salesforce. He announced on Facebook last week that he’s leaving his job as head of the Salesforce Marketing Cloud and heading back to SAP as president of customer experience.

Bob Stutz Facebook announcement

Bob Stutz Facebook announcement

Constellation Research founder and principal analyst Ray Wang says that Stutz has a reputation for taking companies to the next level. He helped put Microsoft CRM on the map (although it still had just 2.7% marketshare in 2018, according to Gartner) and he helped move the needle at Salesforce Marketing Cloud.

Bob Stutz

Bob Stutz, SAP’s new president of customer experience. Photo: Salesforce

“Stutz was the reason Salesforce could grow in the Marketing Cloud and analytics areas. He fixed a lot of the fundamental architectural and development issues at Salesforce, and he did most of the big work in the first 12 months. He got the acquisitions going, as well,” Wang told TechCrunch. He added, “SAP has a big portfolio from CallidusCloud to Hybris to Qualtrics to put together. Bob is the guy you bring in to take a team to the next level.”

Brent Leary, who is a long-time CRM industry watcher, says the move makes a lot of sense for SAP. “Having Bob return to head up their Customer Experience business is a huge win for SAP. He’s been everywhere, and everywhere he’s been was better for it. And going back to SAP at this particular time may be his biggest challenge, but he’s the right person for this particular challenge,” Leary said.

Screenshot 2019 10 21 09.15.45

The move comes against the backdrop of lots of changes going on at the German software giant. Just last week, long-time CEO Bill McDermott announced he was stepping down, and that Jennifer Morgan and Christian Klein would be replacing him as co-CEOs. Earlier this year, the company saw a line of other long-time executives and board members head out the door including including SAP SuccessFactors COO Brigette McInnis-Day, Robert Enslin, president of its cloud business and a board member, CTO Björn Goerke and Bernd Leukert, a member of the executive board.

Having Stutz on board could help stabilize the situation somewhat, as he brings more than 25 years of solid software company experience to bear on the company.

What’s the right way to sponsor a YouTube influencer?