Today in Digital Marketing - The Security Breach We All Feared Has Happened
Episode Date: July 3, 2024The hack nobody wanted: How a leading two-factor authentication app used by marketers worldwide is now exposed. Plus TikTok slows down, a deep-dive into Google's changes to its ads platform, and t...he clever technique consumers are using to see if you are gouging. Contact Us • Links to today’s stories 📰 Get our free daily newsletter📈 Advertising: Reach Thousands of Marketing Decision-Makers🌍 Follow us on social media or contact usGO PREMIUM!Get these exclusive benefits when you upgrade:✅ Listen ad-free✅ Back catalog of 20+ marketing science interviews✅ Get the show earlier than the free version✅ “Skip to story” audio chapters✅ Member-only monthly livestreams with TodAnd a lot more! Check it out: todayindigital.com/premium✨ Premium tools: Update Credit Card • CancelMORE🆘 Need help with your social media? Check us out: engageQ digital📞 Need marketing advice? Leave us a voicemail and we’ll get an expert to help you free!🤝 Our Slack⭐ Review usUPGRADE YOUR SKILLSGoogle Ads for Beginners with Jyll Saskin GalesInside Google Ads: Advanced with Jyll Saskin GalesFoxwell Slack Group and CoursesToday in Digital Marketing is hosted by Tod Maffin and produced by engageQ digital on the traditional territories of the Snuneymuxw First Nation on Vancouver Island, Canada.Some links in these show notes may provide affiliate revenue to us.Our Sponsors:* Check out Kinsta: https://kinsta.comPrivacy & Opt-Out: https://redcircle.com/privacy
Transcript
Discussion (0)
It is Wednesday, July 3rd. Today, the hack nobody wanted. How a leading two-factor authentication
app used by marketers worldwide is now exposed. Plus, TikTok slows down, a deep dive into
Google's changes to its ads platform, and the clever technique consumers are using to
see if you are gouging them. I'm Todd Maffin. That's ahead today in digital marketing.
A major hack has put millions of accounts at risk, and the hack happened at the one place
you don't want it to, a provider of two-factor authentication services. The service in question
is called Authy. It's a two-factor authentication app that competes with the popular Google
Authenticator. It's one of those apps that authentication app that competes with the popular Google Authenticator.
It's one of those apps that generates a six-digit code when you're trying to log into a website.
The company that owns Authy is Twilio, the large SMS marketing platform. It says hackers were able
to get data associated with millions of Authy accounts, including phone numbers. This happened
apparently because Twilio left an endpoint in their API open
without any login requirements. They say they've closed that now. The hackers posted their find
on a forum and claimed to have downloaded 33 million phone numbers of account holders.
TechCrunch in its reporting of this today spoke to Rachel Toback from Social Proof Security who
explained, quote, if attackers are able to
enumerate a list of users' phone numbers, then those attackers can pretend to be offy to those
users, increasing the believability in a phishing attack to that phone number, unquote. There is
sadly not a lot you can do other than to update the mobile app and change your password there.
This is not the first data breach that Twilio has suffered. Two years ago, a group of hackers got into the files of more than 100 of
its clients. With that data, they conducted a huge phishing operation around the world.
In the end, 10,000 employee credentials from at least 130 companies were stolen. Ad spending on TikTok has been growing year over year,
but the pace has slowed since a potential US ban was announced in March. According to MediaRadar,
ad spend in March rose 19% compared to the previous year, but growth cooled to 11% in April
and 6% in May. Nine out of 20 advertising categories saw month-over-month increases in April, with
consumer services leading the way up 115%, according to Censor Tower.
Despite this, the average daily spend on TikTok dropped by 2% month-over-month in April.
Four of the top 10 advertisers, including Target and DoorDash, reduced their spend.
Some brands have shifted their focus on TikTok from brand awareness to more performance-driven goals since the potential ban announcement.
Some analysts say that shift is what's caused the deceleration in ad spend growth.
But while spend is down, the price is up.
TikTok's CPMs for upper funnel metrics increased by 15% year-to-date.
And TikTok's user growth, especially among younger people, is stagnating. The percentage
of weekly users aged 18 to 24 has dropped from 35% in 2022 to 25% in 2024. Users aged 35 to 44 increased slightly. Average daily time spent on TikTok
also decreased, though only from 52 to 51 minutes. It is time to check in with our Google Ads
correspondent, Jill Saskin-Gales. Jill spent six years at Google Ads. Today, she runs the Inside
Google Ads training program for marketing practitioners Today, she runs the Inside Google Ads training program
for marketing practitioners and is host of the Inside Google Ads podcast. Jill, good morning.
Hello, hello.
So Google announced some updates to query matching last week. Was this a big deal?
I call this a medium deal. Yeah, there were some cool announcements.
Really two separate things that I guess Google just bundled together for us. First is how brand queries are handled. And second is how misspellings are handled. So on the brand side, brand restrictions are now renamed brand inclusions. And so what that means...
Which is good. It's more clear because we used to have two features, which you and I spoke about a couple months ago, brand restrictions and brand exclusions.
And it's hard to keep track of what each of those means.
So now we have brand inclusions and brand exclusions.
And they work like they sound like if you add brand inclusions to a broad match keyword campaign, it lets it know what kind of searches you would like to show on. And if you add brand exclusions,
it lets it know what kind of searches you don't want to serve on. And so practically,
this is because when you use broad match keywords, you know, the broad match keyword Google Ads
course, that really gives Google permission to show your ads on anything that has anything at
all to potentially do with the idea of Google Ads course, including
meta ads, training, learn Google Ads, like it can go really, really broad there. And so because of
that, your own brand queries would often sneak in there and even competitor brand names can sneak
in there. So what these two features let you do with brand exclusions, you can say, I want to use
broad match keyword, but I don't want to advertise in my brand or vice versa. You know, I want to use broad match
keywords and only advertise in my brand. So that's kind of the first part of this announcement.
And the misspellings part, what is that about?
This is an interesting one and definitely was not on my 2024 bingo card. So right now,
if you want to exclude misspellings, you have to look at every single potential way your keywords could be misspelled and exclude those.
And so now Google is saying that when you add a negative keyword, like let's say you have a negative keyword for learn meta ads.
If someone types in learn M-E-A-T, learn meat ads, I guess, that's a misspelling.
And that would also be excluded now by your
negative keyword. So that's the negative part of misspellings. The really, really interesting part,
and I think the part most practitioners are looking forward to, is misspellings being
included in your search term report. So when you advertise, you know, you pick your keywords,
they match to certain user searches, and you can see those searches in your search terms report.
But a lot of the search terms you can't see due to privacy reasons.
They're just kind of lumped under other search terms.
And it's a big controversy in the PPC community that you can't even see what you're advertising on.
And so with this change, by adding misspellings as sort of variations of what the user intended to search for. Google's ads liaison,
Ginny Marvin, shared that about 9% more search terms will now be visible. So as whereas before
these misspellings, you wouldn't even be able to see them, they would just be lumped under other
search terms. Now they will be visible to you and you can optimize accordingly. So more visibility,
more control. That's a rare thing to get from Google, but we're getting it here.
You know, whenever Google makes these announcements,
there's usually like a little bit of good,
a little bit of bad.
It's kind of a bit of a teeter-totter.
Where would you put this?
Is this, I mean, this kind of feels like a net positive
at the end of the day, these two announcements.
It is a net positive.
I'm sure Ginny was very excited
to share these announcements with the community,
but there's a potential caveat there.
So, you know, your average Google Ads user not going to see a difference.
They're probably not going to be using most of these features.
If you're a practitioner, I think these brand inclusion and brand exclusion features will
encourage more people to test broad match keywords.
And then, of course, being able to see those spellings in your search term report, having
them excluded as negatives.
These are all good things. But the part that's not mentioned anywhere here about why Google may be
doing this, not only out of the goodness of Google's heart, but because of the way matching
works and the way search interacts with Performance Max. So let's say someone searches Google Ads
course and you have a search campaign that could show an ad there and a Performance Max campaign that could show an ad there, the way that works is if you have an exact match keyword, search will
win. But otherwise, it's kind of up in the air. And a lot of times, Performance Max will win.
So with these changes here today, it is encouraging people to use more broad match keywords rather
than exact match. And because all these different misspellings are
just taken care of now, it's encouraging people not to have all these misspellings as keywords,
which again would give Performance Max more leeway. So I think the hidden reason, in my opinion,
why Google might be doing this is to kind of set the stage for people to have fewer keywords and
fewer controls, which will allow for more automation in formats like Performance
Max to take over in your account. But that's just my personal theory.
Well, I think in the end, it's fairly good news. I, for one, am more excited about the fact
that this is one of the few interviews that you and I have done in this year where we have not
mentioned AI once. It was really hard, Todd, but I tried my best.
All right, Jill, thanks. Thank you. Jill Saskin-Gales is our Google Ads correspondent.
She's here every second Wednesday. You can learn more about her Google Ads training program
at our affiliate link at todayindigital.com slash GA.
A really interesting piece in Business Insider this morning talks about how consumers are using
the reorder items function in Instacart's mobile app to see just how much prices have gone up in
the last few years. One fellow profiled in the piece compared his past and present grocery bills
and found his $35 order from 2019 would now cost more than $62 if he reordered the same
products. He shared this on his TikTok where it's gone a little viral. Another TikTok user reported
that their Walmart Plus order tripled in price over just two years, although that was possibly
due to the app replacing out-of-stock items with pricier alternatives. Don't blame inflation alone for it.
Cumulative inflation over the past five years is around 23%.
That's high, for sure, but it's not triple.
Part of the issue might be shrinkflation, which reduces item sizes.
And of course, it's the outliers that tend to go viral.
In its coverage, Business Insider analyzed past Instacart orders from Los Angeles
and New York City. One order from 2020 increased 22% over four years. Another was up 17%. All that
to say, if you are a merchant and you sell things online and your prices have gone way, way up in
the last few years, and you would rather maybe not make it so obvious, I'm not saying, you know,
like remove the reorder.
Fuck, I wouldn't say that.
Or like, I wouldn't say hide it or make like the background text the same color as the foreground text.
Every social media platform has its own tick.
On YouTube, it's smash that like button.
On Facebook Marketplace, it's is this still available?
And on TikTok, it's often,
send this to a friend. The creator doesn't really care about your friend. They care about you
tapping that send button. On TikTok, it's considered one of the strongest algorithmic
signals. Your video will get more reach if 100 people send it to a friend than if 100 people
tap like. Now, Instagram appears to be picking up on that,
and some new advice from the app's head says you should do that as well. Quoting Adam Asari,
quote, don't force it as a creator, but if you can, when you're making content, think about making
content that people would want to send a friend to, to someone they care about, and it will help
your reach over time, unquote.
You might have even seen them moving in this direction.
They recently started showing how many sends were logged for each post.
This has been in testing for a year or so.
It looks like it's rolling out more widely now.
A recent Harvard Business Review study of tens of thousands of posts found that while you can exploit emotion to get engagement,
there is a specific emotion you should
reach for if you want that engagement to be a send or a share. Quoting from that study,
quote, articles with a large number of comments were found to evoke high arousal emotions,
such as anger and happiness, paired with lowance emotions where people felt less in control, such as fear.
On the other hand, social sharing was very connected to feelings of high-dominance,
where the reader feels in control, such as inspiration or admiration, unquote.
So again, high-dominance is an emotion that's within the user's control,
a feeling that they can regulate.
Low-dominance is the opposite. Think anger or fear. Again, quoting Harvard Business Review, quote,
our study found that admiration and happiness have a strong correlation with high dominance.
This makes sense since the motivation for sharing upbeat content may be rooted in self-preservation.
Passing on a positive emotional experience makes others feel good, which in turn makes the sharer look good.
Including an element of surprise can help magnify the content's positive balance, unquote.
We have a link with more information about that Harvard Business Review study in today's email newsletter, which you can sign up to for free by tapping the link at the top of the show notes or going to todayindigital.com slash newsletter.
Proton, the privacy-focused email platform, has launched a new document platform that would compete with Google Docs. The Proton Docs system, though, is end-to-end encrypted, meaning not even
they can see what's in the documents. This starts rolling out today, starting with a web-based documents editor. It includes everything you'd expect, changes, formatting, adding links and
images and the likes. Collaboration features like real-time editing and commenting are also built in.
Proton Docs encrypts not just the content, but also keystrokes, mouse movements, and file paths,
making it somewhat unique among the major document editors.
It might come as a surprise to many that Google Docs does not offer true end-to-end encryption
for all its users. While it does encrypt files in transit and while they're being stored,
Google holds those encryption keys, which means that Google has the ability to access and view
the contents of your files anytime they want.
Organizations that pay for Google Workspace can use client-side encryption, which encrypts files
before they are uploaded to Google Drive with only the customer holding those encryption keys,
but it's still not truly end-to-end, which is considered the gold standard.
And we'll wrap up with a quick jump over to the lightning round.
Meta announced today that Threads is now used by more than 175 million users,
but that's people who sign on just once a month.
The more important metric is those who sign on daily.
Meta has not shared those numbers yet, which, as The Verge notes,
quote, suggests Threads is still getting a lot of flyby traffic from people who have yet to become regular users.
The IAB Tech Lab final report on Google's privacy sandbox is out, and the group concludes that Google's new sandbox will limit the marketing industry's ability to deliver targeted ads, putting smaller companies and brands especially at risk.
An interesting think piece at MediaPost for those of you who spend time in the retail media space.
It takes a deep look at Walmart's entry into the space, both on the ad side and the fulfillment side.
We have a link to that in today's newsletter as well.
It is the 4th of July tomorrow. That is an American holiday.
We are in Canada, but we still take the American holidays mostly off
because most of our news
comes from the U.S.
And when there's
an American stat holiday,
no news really happens.
That is on a Thursday,
which means that a lot of Americans
are taking Friday off as well,
which means that there probably
won't be a lot of news.
Anyway, all that to say,
we're taking a four day weekend
starting now.
And next week,
my wife and I are going on holidays. Unfortunately, we still do
not have our associate producer, the intrepid Steph Gunn back from Mat Leave. She's coming
back in September. And so next week will be a little bit different. I wish I could tell you
what it will be exactly, but I have not figured that out yet. I'm actually secretly working
tomorrow doing agency stuff, of course, and we'll be figuring out what we do next week as well.
At the very least, you will have two episodes in there,
either marketing science episodes
or perhaps some documentaries
about the world's most famous ad campaigns,
which we worked on last year.
We may end up rerunning those.
That's next week.
We take Mondays off in the holiday
because, again, slow news.
So that means that our next regular episode
in terms of the newscast
will be just under two weeks from now, July the 16th.
Don't forget to follow us on social media.
We are almost everywhere.
Facebook, Instagram, YouTube, LinkedIn, TikTok, Threads, Mastodon, Blue Sky, Snapchat, and even Pinterest.
Go to todayindigital.com slash social or tap the
link in the show notes. So that will do it for this week until I see you next Tuesday and Thursday
with those prepackaged episodes. Today in Digital Marketing is produced by EngageQ Digital on the
traditional territories of the Tsunamik First Nation on Vancouver Island. Our production
coordinator is Sarah Guild. Our theme is by Mark Flevis, ad coordination by Red Circle.
I'm Todd Maffin. Thank you so much for listening. Have a restful long weekend if you are taking one,
and I'll see you again soon.