Context
In 2020, Square experienced a significant increase in phishing scams via email, resulting in millions of dollars lost by Square sellers who were unable to recover their funds.
My Role
At Square, I had the unique opportunity to own parts of the Email Design and UX Writing, requiring me to have a deep understanding of our existing design system and brand guidelines.
I had close collaboration with the UX Writer who oversaw the Risk department, as well as weekly check-ins with fellow Product Designers, UX Researchers, and the Product Design Manager.
Initial Interviews
To better understand the seller experience, we conducted in-depth qualitative interviews with 20 Square sellers who had experienced phishing attempts. I was personally responsible for conducting 6 of these interviews and distilling my notes to our team.
We found that 80% of sellers had difficulty distinguishing legitimate Square emails from scams due to inconsistent branding and design. This insight reinforced the initial signal we received about the need for a standardized email design system.
"It's really hard to tell it's coming from you guys since they [emails] all look different from one another..."
Department-Wide Challenges
Within the seven departments that sent outgoing emails, we found several inconsistencies affecting our brand and ultimately the seller experience. This issue presented a significant risk, and it became clear that addressing the lack of cohesive design was critical in order to protect sellers from falling victim to phishing attacks.
Specifically, the three major design inconsistencies that contributed to the problem were the varying headers, body styles, and footers (as shown below). Internally, we were giving teams too many options to choose from.
To gain buy-in, we conducted workshops with each department to understand their specific needs and concerns. We then translated their feedback into potential design components that would be reusable across other departments. This ensured a more flexible and scalable solution to the problem, while still meeting the diverse communication needs of the teams.
Email Archetypes
After converging on our findings, we identified five major email archetypes that encompassed over 90% of the styles across the company emails:
1) Lead Driver : Drive sellers to a landing page with the goal of converting them.
2) Instructional : Provide sellers with explicit instructions on how to complete a task.
3) Transactional : Triggered by an action taken by the seller and are used to communicate with them.
4) Letter : Contain information specific to one seller or a small group of sellers, or are sensitive in nature.
5) Operational : Update sellers on the operations of their business, including data and statistics.By identifying these email archetypes, we were able to create a clear framework for designing and organizing all outgoing emails, resulting in a more cohesive and effective approach.
Components
We went through several iterations of the email archetypes and components. Initial designs were tested with a focus group of 15 sellers, resulting in a 40% improvement in their ability to identify legitimate Square emails. Based on this feedback, we refined the designs further, particularly focusing on making the header more prominent and consistent across all email types.
We created all the necessary designs and components using Figma, and later transferred them to Contenful for faster implementation. The components for each email type are shown below. By consolidating our work into a select few, we were able to streamline the email design process and facilitate easier adoption across the entire company.
Results
Since the launch in November 2021, Square has seen a 12.5% decrease in reported phishing attempts and a 70% reduction in financial losses due to email scams (Data from January 2023). Additionally, our post-implementation survey showed a 90% increase in seller confidence in identifying legitimate Square emails.
By providing a comprehensive set of components, the team was able to streamline the email design process and facilitate easier adoption across the entire company. There were still more opportunities for future explorations that would enhance consistency and communication with sellers.
Other Considerations
Although our new email designs achieved modest results, the next layer of security would be to eliminate any possibility of a CTA altogether. This was a controversial topic of discussion because it would significantly decrease the traffic from emails to our sellers' dashboards. Inversely, it would also decrease the possibility of a phishing scam via CTA to 0%.
Should the email CTAs stay in place, I designed two mocks that would allow us to keep the buttons while maximizing the security to our sellers:
- Department-Specific Headers: Visual indicators displayed next to the Square logo to indicate the specific department.
- Seller Pins: Allowing sellers to access their dashboard from their email, but only after entering their unique seller pin number.