How can marketing teams accidentally teach bad behavior (CTA mimicry)?

Marketing practices can normalize **phishing** patterns. "Click here immediately," urgent subject lines, and requests for account updates train recipients to comply with messages **phishing** might imitate.

Specific risks: using link shorteners (hides destinations), requesting credential entry through email links, creating urgency for marketing purposes, and sending from unfamiliar subdomains.

Better practices: avoid training users to click urgently, use recognizable sending domains, provide context rather than demanding immediate action, and consider how legitimate practices might be exploited by attackers.