Authoring Secure and Trustworthy Emails

When sending university communications, your message must look and feel professional to ensure it is not mistaken for a phishing scam. Following these standards helps your audience recognize your emails as legitimate and trustworthy.

Establishing Email Trust

Recipients are trained to be suspicious of unexpected links and urgent demands. To maintain the credibility of your department, emails should avoid high-pressure tactics and instead provide clear, verifiable ways for the reader to confirm the message is real.

Best Practices for Content

Professionalism and transparency are your best tools for building trust:

  • Descriptive Subjects: Use specific titles like "Important Changes to Social Media Accounts" rather than "Please Read Immediately."
  • Professional Grammar: Always proofread and use spell check. Typos are a major hallmark of phishing scams.
  • Verified Signatures: Include your name, department, and a valid on-campus phone extension.

Security Red Flags

Avoid these common traits of phishing to prevent user alarm:

  • Personal Info Requests: Never ask for passwords, usernames, or account numbers via email.
  • High-Pressure Demands: Avoid threats of dire consequences or immediate deadlines. Stick to the facts.
  • Unexpected Attachments: Do not send attachments unless the recipient is expecting them.

Comparing Link Strategies

Suspicious (Avoid)

Click here for the survey

The Problem: "Click here" links hide the destination URL. Phishers use this tactic to mask malicious websites. Vague calls to action raise suspicion.

Trustworthy (Recommended)

Visit skyline.northcentral.edu

The Benefit: Referring users to a known university homepage allows them to navigate safely. For direct links, use descriptive text like "View the Secure Email Guide."

Verification and Contact

If you must direct a user to a third-party site (like Survey Monkey), consider placing that link on a familiar university webpage first. Then, link the user to that university page from your email. This creates a "chain of trust" that the reader can follow.

  1. State the Purpose: Clearly explain why the email is being sent and what the reader needs to do.
  2. Provide Alternate Contact: Offer a way to communicate if a deadline has passed or if the user is hesitant to click a link.
  3. Consistency: Ensure that any accompanying websites are consistent with the information provided in your email.
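The link guidance above ("Click here" text, direct links to third-party sites, and a visible address that should match the real destination) can be checked before a message goes out. The following is an added example, not part of the original guidance: a small Python check for an HTML email draft. It assumes northcentral.edu (taken from the hostname used above) is the trusted university domain; the vague-phrase list and the sample draft are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "northcentral.edu"  # assumption, from the hostname shown on this page
VAGUE_TEXT = {"click here", "here", "click", "link", "this link", "read more"}  # constructed
SAMPLE = '<a href="https://surveys.example.com/r/1">Click here</a> for the survey'  # constructed

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace so "Click\n here" compares like "Click here".
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def shown_host(text):  # hostname the reader sees in the link text, if any (heuristic)
    for tok in text.split():
        tok = tok.strip(".,;:!?()")
        if "." in tok:
            return _host(tok if "://" in tok else "//" + tok)
    return ""

def lint_email(html):
    """Return a list of (href, problem) findings for an HTML email draft."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        dest, shown = _host(href), shown_host(text)
        if text.lower().rstrip(".!") in VAGUE_TEXT:
            findings.append((href, "vague link text hides the destination"))
        if dest and dest != TRUSTED_DOMAIN and not dest.endswith("." + TRUSTED_DOMAIN):
            findings.append((href, "links directly to a third-party site"))
        if shown and dest and shown != dest:
            findings.append((href, "visible address differs from the real destination"))
    return findings

if __name__ == "__main__":
    print(lint_email(SAMPLE))
```

An empty result means every link in the draft uses descriptive text and points to the university domain; a third-party finding is the cue to host the link on a university page first.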