Preventing Emails From Looking Phishy
Legitimate emails can easily be mistaken for malicious activity if they share characteristics with phishing emails or other scams. For a list of characteristics typically associated with phishing emails, see Avoiding Phishing Emails. For specific examples of recent phishing emails, see The Phish Bowl.
Recipients may be wary of opening or responding to emails that appear suspicious, leading them to ignore or delete the message. Additionally, if a significant number of recipients report the email as spam or phishing, it could also lead to the sender's email address or domain being flagged or blocked by email service providers.
Writing an Email Message That Doesn't Look Phishy
The following practices will help ensure that legitimate emails are perceived as credible and trustworthy communications.
Provide Context
- Explain to the recipient why they are receiving the message, what person or group at the university is sending the message, and why the action needs to be taken.
Provide Verification
- Always clearly indicate who is sending the email and provide a UC Santa Cruz or UC contact, phone number, and email address for the recipient to verify the email.
Notify Recipients in Advance
- If possible, send recipients advanced notification to expect an email requesting action. The advanced notification should be from a known sender and should be free of links, attachments, or action requests.
Keep the ITS Support Center and Information Security Informed
- The ITS Support Center (help@ucsc.edu) and Information Security contacts (phishing@ucsc.edu) are often the first place email scams get reported. If you let these groups know about the email beforehand, they can be prepared to let recipients know that the email is legitimate.
Avoid Using Attachments
- Email attachments are viewed as suspicious by both spam filters and recipients because they can contain malware that infects computers and puts information at risk. Include a link to a Google Doc or online PDF instead.
Use Best Practices for Links
DO:- Link to UCSC, UC websites, or Google Drive files
- Spell out all links completely so that recipients can see where they lead. This also allows recipients to type them directly into their browser or copy and paste rather than clicking the link.
- Keep the number of links in the email message to a minimum. The fewer links the better.
- Use embedded "click here"-type links or shortened or obscured URLs.
- Link directly to non-UCSC/UC websites.
- Link to non-html documents.
- Link to an IP address.
- Link to executable files (such as .exe, .cmd, .scr).
Avoid Sending Emails From an External Source
- Emails should come from a valid UC Santa Cruz or UC email address. Emails from an external source or a link to an external website may make the recipient suspicious.
- If you must link to an external website, provide a link to a UC Santa Cruz or UC website that links to the external website. If this is not possible, or if the email must be sent by an external party, include a link to a known website, or local contact information, where the recipient can confirm the legitimacy of the email.
Example of a Good Email
Below is an example of a well done mass email communication. The details and contact information are fake, but this is based on actual email sent at a UC location. This email provides a good yet brief explanation and context, a campus link for information and to access the non-UC-hosted survey, and local, verifiable contact information for recipients to confirm the validity of the email and ask questions.
Good Example
From: UCOP Human Resources <HR@ucop.edu>
Employee Name
Title / Department
Get Help
If you have any questions, please email help@ucsc.edu. You can also learn more about protecting yourself online on the ITS Security webpage.