This content is viewable by Everyone
Make Your Emails Less Phishy!
Author: Esther Silver
Did you know that if a person thinks an email is phishy they will most likely delete it? Any valuable information you are trying to convey may not be read.
To avoid this, take the following steps to make your emails look less phishy:
- Provide context. Frequently real phish are short and drive people to react quickly. Giving the recipient known context can help. A real phish is more likely to have a generic salutation so including the recipient’s name is also helpful. Also, make sure the subject line is specific because real phishing messages are often vague.
- Suggest the recipient check the validity of the email through other means. Provide verifiable email addresses and URLs that can be checked without clicking on them. If you must use overlay text for a link, make it as descriptive as possible – avoid overlays like “click here” and avoid shortened URLs.
- Notify recipients in advance. If you must send an email from a platform that can only create phishy looking emails, warn the recipients as well as the Service Desk in advance.
- Avoid attachments. They always look phishy because they can contain malware. Share the document via known repositories like OneDrive and Box.
- Make links look less phishy by:
- Linking to UC websites
- Linking to SSL websites (e.g., https)
- Not linking to executable files such as .exe,.cmd, etc.
- Avoiding linking to non-UC websites.
- Avoid Linking to IP addresses
- Avoid using BCC. Although helpful for protecting recipients’ privacy, it is often used by hackers and can make your email look phishy.
- Avoid using external parties to send your email. All other things being equal, an email that originates outside of UCSF is more likely to be a phish. In fact, UCSF tags emails coming from outside of UCSF as external for that reason. It also provides an internal mass mailing/newsletter creation tool called Staffbase that integrates with Office 365.
Prevent Emails from Looking Phishy
See the latest Phishing Scams and know what to do!
Click here to sign up for the Monthly IT Security Awareness News You Can Use Newsletter
Team Lead: Patrick Phelan