I'm wearing my retro THOTCON t-shirt today, feeling all nostalgic about conferences. On the upside, I am planning the Lightspin event and conference outlook for the year (we'll be at Black Hat and RSA and more!), and planning some international travel for both business and pleasure. This after returning from a week in Hawaii - travel experiences and friends here we come in 2023!
Coinbase Superbowl Ad: QR Codes causing infosec twitter to lose their minds, and advertising success metrics
Last Sunday was Super Bowl LVI, which is typically the largest television event in the USA every year. Brands spend millions for 30 and 60 second advertisements and lots of people say they just watch the Super Bowl for the commercials, not the game.
This year, by many accounts, the Coinbase ad won the day. They had a simple colorful QR Code bouncing on the screen for a whole minute. It's an homage to the old bouncing DVD logo screensaver that many are familiar with. This Office clip captures it perfectly.
As a marketer I'm always fascinated with the goals of an ad and measuring, "was it worth it?" People that work with me get tired of me asking "what does success look like?" So, let's see some of the Coinbase stats that they've shared or others have analyzed:
- Went from #186 in the Apple App store to #2
- 20M hits on the landing page in 1 minute
- Tons of free media: everyone talking about it, from infosec twitter to mainstream media
Anthony Pompliano reviewed the ad on his YouTube channel.
The ad was simple, the offer was strong:
- Enter to win $3M if you're an existing Coinbase customer and for new customers, if you sign up you also get $15 in free Bitcoin.
So was it worth it from an LTV:CAC standpoint? Taylor did some math:
The tl;dr is if they spent $20M all in they would need between 0.5% - 1% of viewers to convert. But I actually don't think they measured success just based on new customer acquisition, even though their head of product said it was hugely positive ROI. One great thing they got from the ad: attribution.
Now let's turn to the infosec conversation about if we trained millions of people to scan random QR codes. Doug's tweet went viral:
Bob Lord shared his perspective on how we visit untrusted web pages every day, how is this different? and many of my esteemed readers agree with him:
I do actually think Klaus has a good point here, however:
Regardless of where you land on it, I think it's an opportunity for every security leader to turn this conversation into an educational opportunity for your internal teams. Build a whole internal campaign based on the Coinbase ad, emphasize the importance of security, not to blast Coinbase and their QR code, but to inspire some good security hygiene by your people. Point them to good QR code reader apps that don't have risky out of the box over-permissioned requests like the stuff Klaus was warning about. QR codes are not going away, especially with COVID. In the last 2-weeks I've had to scan QR codes at a restaurant to view the menu and order, they had no physical menus to give to guests.
Inspirational thought this week: Do something that makes you uncomfortable
I was inspired by my friend STÖK this week. He pushed himself into a new creative space with his Bounty Thursday livestream. STÖK by his own admission is a quality freak with his videos. He knows what he wants and what it takes to get the vibe just how he wants it and the quality top notch. So in doing a livestream, he had to let go of some of that control that comes from the editing chair in post production.
As STÖK said, "just lean in and go with the flow". #vibesquad✌🏻❤️✌🏻