Shadows’ Dylan Flinn and Kombo’s Kevin Gould on the business of ‘virtual influencers’

In films, TV shows and books — and even in video games where characters are designed to respond to user behavior — we don’t perceive characters as beings with whom we can establish two-way relationships. But that’s poised to change, at least in some use cases.

Interactive characters — fictional, virtual personas capable of personalized interactions — are defining new territory in entertainment. In my guide to the concept of “virtual beings,” I outlined two categories of these characters:

  • virtual influencers: fictional characters with real-world social media accounts who build and engage with a mass following of fans.
  • virtual companions: AIs oriented toward one-to-one relationships, much like the tech depicted in the films “Her” and “Ex Machina.” They are personalized enough to engage us in entertaining discussions and respond to our behavior (in the physical world or within games) like a human would.

Part 2 of 3: the business of virtual influencers

Today’s discussion focuses on virtual influencers: fictional characters that build and engage followings of real people over social media. To explore the topic, I spoke with two experienced entrepreneurs:

  • Dylan Flinn is CEO of Shadows, an LA-based animation studio that’s building a roster of interactive characters for social media audiences. Dylan started his career in VC, funding companies such as Robinhood, Patreon and Bustle, and also spent two years as an agent at CAA.
  • Kevin Gould is CEO of Kombo Ventures, a talent management and brand incubation firm that has guided the careers of top influencers like Jake Paul and SSSniperWolf. He is the co-founder of three direct-to-consumer brands — Insert Name Here, Wakeheart and Glamnetic — and is an angel investor in companies like Clutter, Beautycon and DraftKings.

Facebook won’t ban political ads, prefers to keep screwing democracy

It’s 2020 — a key election year in the US — and Facebook is doubling down on its policy of letting people pay it to fuck around with democracy.

Despite trenchant criticism, including from US lawmakers accusing Facebook’s CEO to his face of damaging American democracy, the company is digging in, announcing as much today by reiterating its defence of continuing to accept money to run microtargeted political ads.

Instead of banning political ads Facebook is trumpeting a few tweaks to the information it lets users see about political ads — claiming it’s boosting “transparency” and “controls” while leaving its users vulnerable to default settings that offer neither.  

Political ads running on Facebook are able to be targeted at individuals’ preferences as a result of the company’s pervasive tracking and profiling of Internet users. And ethical concerns about microtargeting led the UK’s data protection watchdog to call in 2018 for a pause on the use of digital ad tools like Facebook by political campaigns — warning of grave risks to democracy.

Facebook isn’t for pausing political microtargeting, though. Even though various elements of its data-gathering activities are also subject to privacy and consent complaints, regulatory scrutiny and legal challenge in Europe, under regional data protection legislation.

Instead, the company made it clear last fall that it won’t fact-check political ads, nor block political messages that violate its speech policies — thereby giving politicians carte blanche to run hateful lies, if they so choose.

Facebook’s algorithms also demonstrably select for maximum eyeball engagement, making it simply the ‘smart choice’ for the modern digitally campaigning politician to run outrageous BS on Facebook — as long time Facebook exec Andrew Bosworth recently pointed out in an internal posting that leaked in full to the NYT.

Facebook founder Mark Zuckerberg’s defence of his social network’s political ads policy boils down to repeatedly claiming ‘it’s all free speech man’ (we paraphrase).

This is an entirely nuance-free argument that comedian Sacha Baron Cohen expertly demolished last year, pointing out that: “Under this twisted logic if Facebook were around in the 1930s it would have allowed Hitler to post 30-second ads on his solution to the ‘Jewish problem.’”

Facebook responded to the take-down with a denial that hate speech exists on its platform since it has a policy against it — per its typical crisis PR playbook. And it’s more of the same selectively self-serving arguments being dispensed by Facebook today.

In a blog post attributed to its director of product management, Rob Leathern, it expends more than 1,000 words on why it’s still not banning political ads (it would be bad for advertisers wanting to reach “key audiences”, is the non-specific claim) — including making a diversionary call for regulators to set ad standards, thereby passing the buck on ‘democratic accountability’ to lawmakers (whose electability might very well depend on how many Facebook ads they run…), while spinning cosmetic, made-for-PR tweaks to its ad settings and what’s displayed in an ad archive that most Facebook users will never have heard of as “expanded transparency” and “more control”.

In fact these tweaks do nothing to reform the fundamental problem of damaging defaults.

The onus remains on Facebook users to do the leg work on understanding what its platform is pushing at their eyeballs and why.

Even as the ‘extra’ info now being drip-fed to the Ad Library is still highly fuzzy (“We are adding ranges for Potential Reach, which is the estimated target audience size for each political, electoral or social issue ad so you can see how many people an advertiser wanted to reach with every ad,” as Facebook writes of one tweak.)

The new controls similarly require users to delve into complex settings menus in order to avail themselves of inherently incremental limits — such as an option that will let people opt into seeing “fewer” political and social issue ads. (Fewer is naturally relative, ergo the scale of the reduction remains entirely within Facebook’s control — so it’s more meaningless ‘control theatre’ from the lord of dark pattern design. Why can’t people switch off political and issue ads entirely?)

Another incremental setting lets users “stop seeing ads based on an advertiser’s Custom Audience from a list”.

But just imagine trying to explain WTF that means to your parents or grandparents — let alone an average Internet user actually being able to track down the ‘control’ and exercise any meaningful agency over the political junk ads they’re being exposed to on Facebook.

It is, to quote Baron Cohen, “bullshit”.

Nor are outsiders the only ones calling out Zuckerberg on his BS and “twisted logic”: A number of Facebook’s own employees warned in an open letter last year that allowing politicians to lie in Facebook ads essentially weaponizes the platform.

They also argued that the platform’s advanced targeting and behavioral tracking tools make it “hard for people in the electorate to participate in the public scrutiny that we’re saying comes along with political speech” — accusing the company’s leadership of making disingenuous arguments in defence of a toxic, anti-democratic policy. 

Nothing in what Facebook has announced today resets the anti-democratic asymmetry inherent in the platform’s relationship to its users.

Facebook users — and democratic societies — remain, by default, preyed upon by self-interested political interests thanks to Facebook’s policies which are dressed up in a self-interested misappropriation of ‘free speech’ as a cloak for its unfettered exploitation of individual attention as fuel for a propaganda-as-service business.

Yet other policy positions are available.

Twitter announced a total ban on political ads last year — and while the move doesn’t resolve wider disinformation issues attached to its platform, the decision to bar political ads has been widely lauded as a positive, standard-setting example.

Google also followed suit by announcing a ban on “demonstrably false claims” in political ads. It also put limits on the targeting terms that can be used for political advertising buys that appear in search, on display ads and on YouTube.

Still Facebook prefers to exploit “the absence of regulation”, as its blog post puts it, to not do the right thing and keep sticking two fingers up at democratic accountability — because not applying limits on behavioral advertising best serves its business interests. Screw democracy.

“We have based [our policies] on the principle that people should be able to hear from those who wish to lead them, warts and all, and that what they say should be scrutinized and debated in public,” Facebook writes, ignoring the fact that some of its own staff already pointed out the sketchy hypocrisy of trying to claim that complex ad targeting tools and techniques are open to public scrutiny.

Revenue train kept rolling all year long for Salesforce

Salesforce turned 20 this year, and the most successful pure enterprise SaaS company ever showed no signs of slowing down. Consider that the company finished the year on an $18 billion run rate, rushing toward its 2022 revenue goal of $20 billion. Oh, and it also spent a tidy $15.7 billion to buy Tableau this year in the most high-profile and expensive acquisition it’s ever made.

Co-founder, chairman and CEO Marc Benioff published a book called Trailblazer about running a socially responsible company, and made the rounds promoting it. In fact, he even stopped by TechCrunch Disrupt in San Francisco in September, telling the audience that capitalism as we know it is dead. Still, the company announced it was building two more towers in Sydney and Dublin.

It also promoted Bret Taylor just last week, who could be in line as heir apparent to Benioff and co-CEO Keith Block whenever they decide to retire. The company closed the year with a bang with a $4.5 billion quarter. Salesforce, for the most part, has somehow been able to balance Benioff’s vision of responsible capitalism while building a company that makes money in bunches, one that continues to grow and flourish, and that’s showing no signs of slowing down anytime soon.

All aboard the gravy train

The company just keeps churning out good quarters. Here’s what this year looked like:

Instreamatic signs deals to allow people to talk to adverts on streaming services like an Alexa

Most in tech would agree that following the launch of Alexa and Google Home devices the ‘Voice Era’ is here. Voice assistant usage is at 3.3 billion right now; by 2020 half of all searches are expected to be done via voice. And with younger generations growing up on voice (55% of teens use voice search daily now), there’s no turning back.

As we’ve reported, the voice-based ad market will grow to $19 billion in the U.S. by 2022, growing the market share from the $17 billion audio ad market and the $57 billion programmatic ad market.

That means that voice shopping is also set to explode, with the volume of voice-based spending growing twenty-fold over the next few years due to voice-based virtual assistant penetration, as well as the rapid consumer adoption of home-based smart speakers, the expansion of smart homes and the growing integration of virtual assistants into cars.

That, combined with the popularity of digital media – streaming music, podcasts, etc – has created greenfield opportunities for better brand engagement through audio. But brands have struggled to catch up, and there have not been many ways to capitalise on this.

So a team of people who co-founded and worked at Zvuk, a leading music streaming service in Eastern Europe, quickly understood why there is not a single profitable music streaming company in the world: subscription rates are low and advertisers are not excited about audio ads, due to the measurement challenges and intrusive ad experience.

So, they decided to create SF-based company Instreamatic, a startup which allows people to talk at adverts they see and get an AI-driven voice response, just as you might talk to an Alexa device. 

Thus, the AI powering Instreamatic’s voice-driven ads can interpret and anticipate the intent of a user’s words (and do so in the user’s natural language, so robotic “yes” and “no” responses aren’t needed). That means Instreamatic enables brands which advertise through digital audio channels (streaming music apps, podcasts, etc) to now have interactive (and continuous) voice dialogues with consumers.

Yes, it means you can talk to an advert like it was an Alexa.
 
Instead of an audio ad playing to a listener as a one-way communication (like every T.V. and radio ad before it), brands can now reach and engage with consumers by having voice-interactive conversations. Brands using Instreamatic can also continue conversations with consumers across channels and audio publishers – so fresh ad content is tailored to the full history of each listener’s past engagements and responses.

An advantage of the platform is that people can use their voice to set their advertising preferences. So, when a person says ‘I don’t want to hear about it ever again,’ brands can optimize their marketing strategy either by stopping all remarketing campaigns across all digital media channels targeted to that person, or by optimizing the communication strategy to offer something else instead of the product that was rejected. If the listener expressed interest or no interest, Instreamatic would know that and tailor future ads to match past engagement – providing a continuous dialogue with the user.

Its competitor is AdsWizz which allows users to shake their phones when they are interested in an ad. This effectively allows users to “click” when the audio ad is playing in the background. One of their recent case studies reported that shaking provided 3.95% interaction rates.
 
By contrast, Instreamatic’s voice dialogue marketing platform allows people to talk to audio advertising, skipping irrelevant ads and engaging in interesting ones. Their recent case study claimed a much higher 13.2% voice engagement rate this way.
 
The business model is thus: when advertisers buy voice dialogue ads on its ad exchange, it takes a commission from that ad spend. Publishers, brands and adtech companies can license the technology and Instreamatic charges them a licensing fee based on usage.

Instreamatic has now partnered with Gaana, India’s largest music and content streaming service, to integrate Instreamatic into Gaana’s platform. It’s also partnered with Triton Digital, a service provider to the audio streaming and podcast industry.

This follows similar deals with Pandora, Jacapps, Airkast, and SurferNETWORK.

All these partnerships mean the company can now reach 120 million monthly active users in the United States, 30M in Europe and 150 million in Asia.

The company is headquartered in San Francisco and London with a development team in Moscow and features Stas Tushinskiy as CEO and co-founder. Tushinskiy created the digital audio advertising market in Russia prior to relocating to the U.S. with Instreamatic. International Business Development head and co-founder Simon Dunlop previously founded Bookmate, a subscription-based reading and audiobook platform, and DITelegraph Moscow Tech Hub, and Zvuk.

How startups close their first big sales

No matter what your startup sells or who you’re selling it to, companies that survive — and grow — need big customers and lots of them. But how do you land million-dollar deals with limited resources and no credibility?

In more than 20 years of building companies and products, I’ve learned that in the grand scheme of the startup lifecycle, while you scale your way through growth to eventual sustainability and success, acquiring your first customer is relatively easy. Any good salesperson can sell a good product to the prospect of their choice. Hell, any mediocre salesperson, even when they’re hawking complete crap, can get lucky once. Your first customer is a great signal, but it’s just a signal, not a savior.

What actually matters is what we learn from that first signal and all the signals that follow.

Aggregate value to target prospects

The process starts way before the first sales pitch. Your chances of closing your first big sale are going to be directly related to how well you’re targeting your prospective customers. So let’s begin with a discussion of aggregation and targeting.

All product and service sales come down to usage and aggregated value. It doesn’t matter if your target customer is a consumer or a business. It makes no difference if your price point is dollars or thousands of dollars. It doesn’t matter if your transaction is completely frictionless or requires a six-month hand-hold by your sales team.

If your customer is a consumer, they’re going to have limited usage with your product or service and the value needs to be tightly wound into that small usage window. If your customer is a business, they’re likely going to have multiple users and almost continuous usage of the product or service, so the value will be delivered over time.

So a “lot of customers” for your product or service might be 100, or it might be a million. Either way, you’re offering the same value per dollar based on usage. You’re aggregating that value into the sale, so you need to be targeting those customer prospects with the highest expected usage.

A classic rookie mistake made by most entrepreneurs is spraying and praying at large prospect audiences for the sake of their largeness alone, hoping that those shards of value surface for the right people at the right time.

Don’t do that. Instead, for B2C sales, you’re going to need some intelligence about your prospect list, which means more than Facebook ad demographics — it’s being able to predict the usage based on the source of the prospect. For B2B sales, you need to determine the optimum type of business to sell into: their size, their industry, their appetite for innovation, and anything else you can use to narrow your focus.

Figure out who is going to get the most aggregate value for their usage and target them.

Targeting customer prospects based on value aggregation is not only going to increase the chances of closing, it’s also going to dictate the near future in terms of the growth of your startup. A targeted, good customer is going to make your life a lot easier. A random, poor customer is going to fill your world with complaints, support requests, change requests, feature requests, and ultimately severe changes to your product roadmap.

Consolidate and find a champion

When you’re a startup, your customers are buying innovation. The tricky thing is, no one needs innovation. Rather, they need the derivatives of that innovation  —  time, simplification, throughput, security.

In order to close a big sale, in other words, the aggregation of many, many units of that usage and value, you’re going to have to consolidate that usage and find a champion of value on the customer side.

So the question becomes: Who benefits the most from the derivatives of innovation brought about by maximizing the usage of your product or service?

Virtual product placement is coming for TV and movies and Ryff has raised cash to put it there

In a world where ad rates are declining for traditional broadcast media, the corporations responsible for making the fictions that millions devour daily need to find a new business model.

Subscription services are on the rise — with every major broadcaster launching an on-demand service — and so are ad-supported video streaming services to replace the traditional networks.

But there’s another holy grail of the advertising industry, long thought to be too technologically difficult to achieve, that may finally be within reach. It’s the on-demand product placement of branded goods in a video, and it’s the technology that Ryff has been developing since it was founded in early 2018.

Product placement is an increasingly big business in the U.S., raking in some $11.44 billion in 2019, according to data collected by Statista. That figure is up from $4.75 billion in 2012. The same report indicated that roughly 49% of Americans took action after seeing product placement in media.

The effectiveness of product placement has even been proven by researchers from Indiana University and Emory University. They found that “prominent product placement embedded in television programming does have a net positive impact on online conversations and web traffic for the brand.”

And while streaming services enjoy the dollars their subscribers are throwing at them, they’re also looking at ways to diversify their revenue streams. Netflix and Hulu are both expanding their product marketing divisions and analysts like those from Forrester Research predict that product placement will be a huge moneymaker for the company as traditional ad rates decline.

There are companies that handle product placement already. Startups like Branded Entertainment Network, which works with brands and producers to place real brands into contextually relevant scenes in movies and television, and Mirriad, which adds branded billboards to scenes, are working to bring more money to platforms and producers.

Ryff takes the technology to the next level, using computer vision, machine learning, and rendering technologies to identify objects in a scene and replace them with branded products that can be tailored based on customer data.

“The infusion of SVOD/streaming platforms into the market, combined with platforms like Netflix that are unsuccessfully trying to grow their subscriber base will force those same platforms to explore and embrace alternative revenue streams,” said Marlon Nichols, Managing General Partner at MaC Venture Capital, and a new director on the Ryff board. “In addition, consumers on paid platforms do not want their content consumption interrupted by ads. As such, product placement will be an important growth channel and Ryff’s new marketplace and unique technology set it up to be the unequivocal growth market leader.” 

To continue its technology development and ramp up sales and marketing the company has raised $5 million in financing. According to Crunchbase, Ryff had previously raised $3.6 million from investors including a subsidiary of the Mahindra Group and undisclosed investors. The new financing came from Valor Siren Ventures, MaC Venture Capital, Moneta Ventures and Vulcan Capital.

“Ryff’s offering is well-timed with the rapidly increasing demand for solutions that extend the reach of a brand’s content and drive business results,” said Uday Ghare, vice president for media and entertainment at Tech Mahindra, in a statement at the time of the company’s investment. “We believe the market will continue to see a shift of brand dollars to both content marketing and programmatic advertising as brands increase their reliance on content-centric programs and look to scale those efforts.”

Ryff’s ads can be tailored to the viewer’s taste, the platform on which video is being distributed, the geography of the broadcast, the date and time of the broadcast and a broader demographic profile, according to the company. Basically it’s like adwords for videos.

In a blog post writing about the rationale behind his investment firm’s capital commitment to the company, Marlon Nichols of MaC Ventures wrote:

Imagine a future where an IP owner can maximize the value of its content by putting it on the Ryff marketplace, where that content will be mapped for dozens if not hundreds of product placement opportunities and be layered with restrictions that comply with creative needs. Those opportunities will be ranked and priced by their effectiveness to drive marketing goals for brands. Brands can bid on in-video placement opportunities that fit their marketing strategies and budgets. 3D brand assets can be uploaded and inserted dynamically into content right before the moment of video delivery

Ryff’s first disclosed partnership is with the “reality” television producer Endemol Shine. 

“Ryff successfully takes the concept of product placement, the only advertising format that can’t be skipped by the viewer, and delivers a scalable and adaptable advertising solution that can be applied to any content, at any time and in any market,” said Roy Taylor, founder and CEO of Ryff, in a statement. “The result benefits all – content free from annoying distractions, audience-specific brand placement and delivering a new means towards monetizing video assets.”

Brand power vs. product power

Most tech companies — particularly B2B companies — either don’t understand the power of a brand, or do a really poor job of creating one.

An informal survey of a dozen of my young CEO friends showed that, given the choice, 10 out of 12 — 83% — would rather spend an extra dollar on product development than brand-building. It is dangerous (or at least foolish) to assume that the ROI on product development is greater than the ROI on brand building.

As a serial entrepreneur and CEO, I have had to make this choice many times. In 2006, I co-founded PC backup company Carbonite. I left the company five years ago after taking it public and I no longer have any financial interest in it, which is why I can write about it now — it was just sold for $1.4 billion to OpenText. There were many other backup products on the market at that time and many more appeared over the first five years of the company’s life. I would argue that Carbonite was slicker than most of the others, but essentially every backup product accomplishes the same result.

Unlike Carbonite’s competitors, we focused on our brand. That meant raising more money than we would have if we were just investing in R&D. But, after five years of investing in our brand, we had eleven times the brand recognition of any other consumer backup company and we dominated the market.

Here’s why: a study by Kettlefire Creative showed that 59% of people prefer to buy brands that they have heard of. Since none of our competitors had widely recognized brands, we got most of that 59%. Of the remaining 41%, we fought it out on other criteria and won most of that as well. Put yourself in the shoes of a potential customer looking to back up their PC. What do you worry about? Well, before we even launched the company, we asked PC owners to choose the five most important attributes of their ideal backup company from a list of ten possible attributes, and we found the following:

1. Trustworthy: you won’t look at my files or allow anyone to see them (1127 votes)

2. Peace of mind: when I go to retrieve my backup, it will always be there (811 votes)

3. Reliable: it backs up everything and doesn’t stop (696 votes)

4. Helpful: if I lose my computer, I want to talk to a human who can help me (446 votes)

5. Easy: it should be simple and require little attention (444 votes)

The attributes that didn’t make the top five:

6. Fast: backups happen quickly

Will the 2020s be online advertising’s holistic decade?

With less than two months left in the decade, advertising is again entering a new phase of rapid expansion with customer experience front and center.

The explosion of data and identity management, combined with technical advancements in real-time signal detection and machine learning, present new opportunities to respond to consumers, but mastering this ability enables marketers to create “magic moments” — instances of hyper-relevant content, delivered at the perfect time and place. 

We’ll see evolutions on the back end in terms of delivery and measurement — as well as on the consumer-facing end — through new creative deployments that enhance the brick-and-mortar shopping trip. Marketers will be held to a higher standard, both by clients demanding world-class performance and proof, as well as consumers who want relevancy, helpfulness and privacy from their brand relationships. 

Achieving this balance won’t be an easy task, but the most progressive marketers will succeed in driving this industry toward a more customer-centric future because they took steps to evolve before it was too late. With that in mind, here are five ways we expect advertising to become more holistic in the 2020s: 

Smart data will take priority over big data

Most marketers have heard the adage, “garbage in, garbage out.” For too long, the industry relied on sheer quantity of data with no quality metrics for making key audience assumptions. This mentality has had a detrimental effect on our industry, creating an ecosystem where people simply hate ads and brands focus on viewability over ROI.

To truly understand our audiences, we must first turn data from multi-channel interactions into smart, actionable insights. This involves not only understanding who the customer is, but what motivates them. 

Progressive marketers will continue to invest heavily in identity graphs to tie critical data and behaviors to individual profiles across channels. Using data science and machine learning, marketers will then be able to advance their knowledge about consumers to new levels, employing new messaging tactics based not only on value, but also on what inspires action. Key nuances, like distinguishing a deal-seeker from a value-seeker, will lead to more engaging personalized experiences and ultimately better ROI for advertisers.

We’ll see a flurry of investment in real-time engagement

We live in a world where our technology predicts where we are going, what we are seeking and how long it will take to get there by recognizing our patterns and everyday behaviors. The benefits in terms of convenience and knowledge are addictive. Look no further than email, social and Alexa to see how real-time awareness and time savings from these interactions impact our everyday lives.  

For marketers, capturing this lightning in a bottle has always been elusive — until now. The rise of real-time advertising, customer data platforms (CDPs), data science and machine learning have created the ability to detect purchases as well as online and real world location signals in real-time. This enables marketers to not only predict the next shopping trip, but what a consumer is likely to buy, when it matters most.

These sense-and-respond capabilities will enable progressive marketers to create experiences of enormous value at the moments that matter, such as triggering an offer of relevance upon entering a store or delivering a tailored experience at a specific time and location. The new decade will bring about massive investments into these technologies given their immediate ability to influence consumers during the actual purchase process. We’ll see budgets being specifically carved out to support real-time advertising and technologies as marketers optimize and convert users with greater effectiveness.  

For consumers, it means that the in-store experience will continue to become more interactive, with mobile devices as the connecting point between e-commerce and brick and mortar. Brands that thrive in this environment will win by delivering meaningful creative that connects both online and offline worlds in a helpful and relevant way.

Cutting-edge tech will create new ad experiences

TriNet sent remote workers an email that some thought was a phishing attack

It was one of the best phishing emails we’ve seen… that wasn’t.

Phishing remains one of the most popular attack choices for scammers. Phishing emails are designed to impersonate companies or executives to trick users into turning over sensitive information, typically usernames and passwords, so that scammers can log into online services and steal money or data. But detecting and preventing phishing isn’t just a user problem — it’s a corporate problem too, especially when companies don’t take basic cybersecurity precautions and best practices to hinder scammers from ever getting into a user’s inbox.

Enter TriNet, a human resources giant, which this week became the poster child for how to inadvertently make a genuine email to its customers look as suspicious as it gets.

Remote employees at companies across the U.S. who rely on TriNet for access to outsourced human resources, like their healthcare benefits and workplace policies, were sent an email this week as part of an effort to keep employees “informed and up-to-date on the labor and employment laws that affect you.”

Workers at one Los Angeles-based health startup that manages its employee benefits through TriNet all got the email at the same time. But one employee wasn’t convinced it was a real email, and forwarded it — and its source code — to TechCrunch.

TriNet is one of the largest outsourced human resources providers in the United States, primarily for small-to-medium-sized businesses that may not have the funding to hire dedicated human resources staff. And this time of year is critical for companies that rely on TriNet, since health insurance plans are entering open enrollment and tax season is only a few weeks away. With benefit changes to consider, it’s not unusual for employees to receive a rash of TriNet-related emails towards the end of the year.

But this email didn’t look right. In fact when we looked under the hood of the email, everything about it looked suspicious.

This is the email that remote workers received. TriNet said the Imgur-hosted image in the email was used “mistakenly.” (Image: TechCrunch/supplied)

We looked at the source code of the email, including its headers. These email headers are like an envelope — they say where an email came from, who it’s addressed to, how it was routed, and if there were any complications along the way, such as being marked as spam.

There were more red flags than we could count.

Chief among the issues was that the TriNet logo in the email was hosted on Imgur, a free image-hosting and meme-sharing site, and not the company’s own website. That’s a common technique among phishing attackers — they use Imgur to host images they use in their spam emails to avoid detection. Between its upload in July and the point we reached out to TriNet, which removed the image, that logo was viewed more than 70,000 times, suggesting thousands of TriNet customers had received one of these emails. And, although the email contained a link to a TriNet website, the page that loaded had an entirely different domain with nothing on it to suggest it was a real TriNet-authorized site besides a logo, which, if it were a phishing site, could’ve been easily spoofed.

Fearing that somehow scammers had sent out a phishing email to potentially thousands of TriNet customers, we reached out to security researcher John Wethington, founder of security firm Condition:Black, to examine the email.

It turns out he was just as convinced as us that the email may have been fake.

“As hackers and self-proclaimed social engineers, we often think that spotting a phishing email is ‘easy’,” said Wethington. “The truth is it’s hard.”

“When we first examined the email every alarm bell was going off. The deeper we dug into it the more confusing things became. We looked at the domain name records, the site’s source code, and even the webpage hashes,” he said.

There was nothing, he said, that gave us “100% confidence” that the site was genuine until we contacted TriNet.

TriNet spokesperson Renee Brotherton confirmed to TechCrunch that the email campaign was legitimate, and that it uses the third-party site “for our compliance ePoster service offering.” She added: “The Imgur image you reference is an image of the TriNet logo that Poster Elite mistakenly pointed to and it has since been removed.”

“The email you referenced was sent to all employees who do not go into an employer’s physical workspace to ensure their access to required notices,” said TriNet’s spokesperson.

When reached, Poster Elite also confirmed the email was legitimate.

This is not a phishing site, but it sure looks like one. (Image: TechCrunch)

How did TriNet get this so wrong? This culmination of errors had some who received the email worried that their information might have been breached.

“When companies communicate with customers in ways that are similar to the way scammers communicate, it can weaken their customers’ ability over time to spot and shut down security threats in future communications,” said Rachel Tobac, a hacker, social engineer, and founder of SocialProof Security.

Tobac pointed to two examples of where TriNet got it wrong. First, it’s easy for hackers to send spoofed emails to TriNet’s workers because TriNet’s DMARC policy on its domain name is not enforced.

Second, the inconsistent use of domain names is confusing for the user. TriNet confirmed that it pointed the link in the email — posters.trinet.com — to eposterservice.com, which hosts the company’s compliance posters for remote workers. TriNet thought that forwarding the domain would suffice, but instead we thought someone had hijacked TriNet’s domain name settings — a type of attack that’s on the increase, though primarily carried out by state actors. TriNet is a huge target — it stores workers’ benefits, pay details, tax information and more. We had assumed the worst.

“This is similar to an issue we see with banking fraud phone communications,” said Tobac. “Spammers call bank customers, spoof the bank’s number, and pose as the bank to get customers to give account details to ‘verify their account’ before ‘hearing about the fraud the bank noticed on their account’ — which, of course, is an attack,” she said.

“This is surprisingly exactly what the legitimate phone call sounds like when the bank is truly calling to verify fraudulent transactions,” Tobac said.

Wethington noted that other suspicious indicators were all techniques used by scammers in phishing attacks. The posters.trinet.com subdomain used in the email was only set up a few weeks ago, and the eposterservice.com domain it pointed to used an HTTPS certificate that wasn’t associated with either TriNet or Poster Elite.

These all point to one overarching problem. TriNet may have sent out a legitimate email but everything about it looked problematic.

On one hand, being vigilant about incoming emails is a good thing. And while it’s a cat-and-mouse game to evade phishing attacks, there are things that companies can do to proactively protect themselves and their customers from scams and phishing attacks. And yet TriNet failed in almost every way, opening itself up to attacks by not employing these basic security measures.

“It’s hard to distinguish the good from the bad even with proper training, and when in doubt I recommend you throw it out,” said Wethington.
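Tobac’s first point above, a DMARC policy that is published but not enforced, is something a defender can check from the TXT record at `_dmarc.<domain>`. The Python below is an added example, not code from TechCrunch, TriNet or the researchers quoted; the function names are hypothetical and every record is a constructed sample for example.com rather than real DNS data.

```python
# Added example: classify how strongly a domain's DMARC policy is enforced.
# Every record below is a constructed sample for example.com, not real DNS data.

def parse_tags(record):
    """Split 'v=DMARC1; p=none; pct=50' into {'v': 'DMARC1', 'p': 'none', ...}."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def enforcement(txt_records, subdomain=False):
    """Return 'missing', 'invalid', 'none', 'partial' or 'enforced'.

    txt_records: TXT strings published at _dmarc.<domain>.
    subdomain:   True to evaluate mail claiming to come from a subdomain,
                 where the sp tag (if present) overrides p.
    """
    dmarc = [r for r in txt_records if parse_tags(r).get("v") == "DMARC1"]
    if not dmarc:
        return "missing"
    if len(dmarc) > 1:
        return "invalid"  # RFC 7489: several records means no policy is applied
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if subdomain and "sp" in tags:
        policy = tags["sp"].lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "none"  # monitoring only: spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "invalid"  # this example treats an unparsable pct as unusable
    return "enforced" if pct >= 100 else "partial"

SAMPLES = {  # constructed records
    "monitor only": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "ramping up": ["v=DMARC1; p=quarantine; pct=25"],
    "enforced": ["v=spf1 -all", "v=DMARC1; p=reject; sp=reject"],
    "open subdomains": ["v=DMARC1; p=reject; sp=none"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(f"{label:16} domain={enforcement(records):9} "
              f"subdomain={enforcement(records, subdomain=True)}")
```

Anything other than `enforced` for both the domain and its subdomains means receiving mail servers are not being told to quarantine or reject all mail that fails authentication for that name.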

Helping banks refine sales pitches and customer service, Minneapolis-based Total Expert raises $52 million

It’s no secret that the art of customer service in the modern era is something that banks desperately need help with.

One of the reasons why challenger banks have been able to find acceptance, new customers and — well — the ability to challenge existing banking companies is the mistreatment customers receive from their existing money holders.

That’s why tools designed to help marketing and customer engagement are a big business and why the Minneapolis-based Total Expert has been able to raise $52 million in its latest round of financing.

The new round brings the company’s total haul to $86 million thanks to capital investments from Georgian Partners, Emergence, and Rally Ventures (all veteran software as a service investors).

“We are incredibly excited about Total Expert’s approach to building trust and maximizing the long-term value of relationships between consumers and lenders,” said Simon Chong, managing partner and co-founder of Georgian Partners, in a statement. “The future of consumer finance is engaging across all product and customer needs during their financial life, and Total Expert is the category leader powering this humanized automation and compliance at scale.”

The company said it will use the money to expand on its 218-person team — especially hiring additional data scientists and designers. The company also said it would accelerate the development of new automation tools to help small banks and credit unions compete.

“The future of financial services belongs to firms that combine human interaction with technology in a way that creates higher quality and more relevant experiences throughout the entire customer journey,” said Joe Welu, Total Expert’s chief executive officer. “Every interaction a consumer has with a financial services brand either erodes trust or builds trust, and legacy technology makes it difficult to deliver on the expectations of the modern consumer. Our mission is to ensure that banks and lenders create customers for life by delivering on these expectations.”