Don’t Design Your Emails to Look Like Phishing.
By Robert D Maughan, on 26 October 2018
Something Phishy this way comes
We try to point out to people how to spot emails which are phishing attacks. We would like everyone to be a little cautious and think for a moment before they click on a link or open an attachment. However sometimes genuine emails are written in such a way they start to look like a phishing attack. We don’t want anyone to miss out on genuine emails nor do we want people to get comfortable clicking on things that look like phishing attacks.
So we thought we would offer a little advice on how to avoid looking like a criminal trying to steal someones identity.
How not to look like a phish
Use a UCL email address to send out UCL emails. Phishers often use look alike domains but should not have access to genuine internal UCL accounts.
Don’t use link shortening services like bit.ly as those are often used by phishers to hide where they are really connecting you to.
If you are referring people to an externally hosted site consider including a link to a page on the UCL website as well. The UCL page can talk about the mailing and show the address you are going to direct people to. This lets people check if a mailing is genuine or not.
Use a spell checker and think about how readable your email is before you send it. Many phishers don’t have a good command of English and don’t send particularly business like emails.
Thought of an idea I have not mentioned here? Why not add it as a comment?