I must admit, the Donatos franchise has great pizza. But when it comes to trusting their online ordering environment, they leave some things to be desired. Below is the email that came to my house after ordering online. We knew it was “real” because it came shortly after the order was placed. But Donatos made two errors. Make sure you aren’t making them in your business.
- Donatos doesn’t use their own domain name for the feedback link, prompting Vista mail to flag the message with a phishing warning. In a world where trust is a critical part of branding, this is just foolish. My family is very advanced when it comes to the web, but many customers would just delete the message without reading it.
- Donatos sends our usernames and password in plain text in the message. You just don’t do this, especially with all of the other personal information in the same message. My family uses different passwords for our sensitive accounts such as online banking, but I am absolutely sure this isn’t the case for many customers. This means the Donatos password may also have been used for more lucrative accounts, such as PayPal. We all know that keylogger exploits can do worse damage, but at least they require an infection and many have basic protection.
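
Both mistakes can be caught before a message leaves the building. The sketch below is an added example, not anything Donatos runs: a pre-send check that flags links hosted outside the sender's domain and any account credential in the body. The function name `lint_outgoing`, the domains and the sample message are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _Links(HTMLParser):
    """Collect href targets from an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def lint_outgoing(raw, secrets=()):
    """Return a list of findings for one outgoing single-part HTML message."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    parser = _Links()
    parser.feed(body)
    findings = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are not web links
        host = (parts.hostname or "").lower()
        # Accept the sender's own domain and its subdomains only.
        if host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(f"link host {host!r} is outside {sender_domain!r}")
    if any(s and s in body for s in secrets):
        findings.append("body contains an account credential")
    return findings


# Constructed sample message; every name, domain and password is made up.
SAMPLE = """\
From: Orders <orders@pizza.example>
To: customer@mail.example
Subject: Thanks for your order
Content-Type: text/html

<p>Username: jsmith<br>Password: hunter2-constructed</p>
<p><a href="https://surveys.vendor.example/f?id=1">Tell us how we did</a></p>
<p><a href="https://www.pizza.example/account">Your account</a></p>
"""

if __name__ == "__main__":
    for finding in lint_outgoing(SAMPLE, secrets=["hunter2-constructed"]):
        print(finding)
```

The check on `secrets` assumes the mailer still has the plaintext password at send time; a system that stores only password hashes has nothing to put in the message in the first place.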