Authoring Secure and Trustworthy Emails

Overview

At North Central University, departments send out emails daily to announce classes, services, and opportunities. A well-intended message may not get read or taken seriously if recipients think an email is a phishing scam.

Writing better emails

Here are a few best practices to reassure your audience that your message is trustworthy.

The subject matters
The subject line should accurately and clearly describe the contents of the email. Readers should not have to guess or feel suspicious of the intent of your email after reading the subject line. For example, "Please Read Immediately" sounds vague, while "Important Changes in North Central Social Media Accounts" provides concrete and specific reasons to open your email.

Watch your links
When possible, avoid placing links in the body of the email message. If the information can be easily accessed from a website, refer readers to the location on the website that you would like them to read. For example, "Please visit the IT service site and click on Safe Computing for more information." A message with no visible link is less likely to raise concern that it points to an unsafe URL.

If it's necessary to include links in the email, direct the reader to a recognizable and credible website, such as skyline.northcentral.edu. For longer links, clearly describe the website content or title in the hyperlinked text. For example, "View the tips for Authoring Secure and Trustworthy Emails." This will help readers assess the safety and trustworthiness of a website. Finally, if your goal is to have the reader visit a third-party site such as SurveyMonkey to complete a survey, consider placing the survey link on a safe and more familiar website. Use the more familiar URL in your email, and from there you can explain the next steps.

Grammar
Make sure your email looks professional. Proofread, use spell check, and ask another person to review the message to avoid typos and grammatical mistakes.

Don't ask for personal or confidential information via email
Never ask for social security numbers, account numbers, usernames, passwords, or other personal identifying information via email. This is a major red flag that may deter your readers from taking any further action. It may also spawn inquiries to your desktop support and security teams.

Threats and demands are a red flag
Typically, phishers apply pressure by threatening dire consequences if the recipient fails to act immediately. Stick to the facts and urge the recipient to contact the appropriate person or department to resolve any urgent issues. Contact details should be easily found in the body of the message and repeated at the conclusion of the email. Provide reasonable timelines for recipients to respond or make required changes, and offer an alternate way to communicate if a deadline has passed.

Use attachments only when absolutely necessary
Phishers often include attachments in their email that can harm readers in various ways. Avoid sending attachments unless your recipient is expecting them. Include a clear explanation for the email and attachments in the body of the email.

The information on any accompanying websites should be informative and consistent with everything communicated in the email. Contact information should also be accessible and consistent.

Sign your emails
Your readers should be able to clearly identify who is sending the email. Signed emails are deemed more credible than those that are unsigned. Email signatures should include your name, department, and phone number so that the reader can contact you if they have any questions regarding the validity of the email. A phone number, especially an on-campus extension, gives the user a way to validate the authenticity of the email without having to contact IT.

Details

Article ID: 72281
Created: Tue 2/19/19 11:15 PM
Modified: Tue 2/19/19 11:16 PM
Audience: Employees, Students