Writing Verifiable Emails
A legitimate email can easily be disregarded as spam or a phishing attempt, which becomes a problem when the recipient ignores important information that requires follow-up. Email phishing attempts are scams designed to trick the recipient into supplying valuable personal information and are used for a range of malicious activities, including identity theft. Today's savvy email user has learned to read between the lines and avoid these scams by watching for telltale phishing clues.
By following a few simple guidelines for writing verifiable form emails, university departments can better ensure that their messages will be received. For example, including a contact person with a phone number and email address in the signature block and/or as a separate paragraph in the body of the email allows the reader to verify that the email is legitimate.
To validate the legitimacy of this email, or for assistance, please contact [the department] at 479-575-xxxx or firstname.lastname@example.org.
University of Arkansas
Some other guidelines for creating verifiable form emails include:
- Remove http:// from any URL that points to a login page, a page where readers change or verify account information, or pages containing sensitive personal or financial information. Without http://, a clickable link is less likely to be created in the email body text, forcing readers to copy and paste the URL into their browser and reassuring them that it is not a fake link with a redirect to malicious sites.
- Where possible, refer readers to departmental web pages or other trusted sites containing a version of the same or related information.
- Never request that readers reply to an email with personal information. Refer readers to a secure online form or printable form with instructions on how to submit information to the appropriate office.
- Always send official form emails from a valid UARK email address, not from Gmail or SurveyMonkey, for example.
- Always use "University of Arkansas," not "UA" or "U of A." By following the University Relations Style Guide standards, your form email will have a greater degree of credibility.
- Carefully proofread form emails. Users tend to suspect that emails with obvious grammatical and spelling errors are potential phishing scams.
- IT Services provides a series of security-related how-to pages advising readers of the warning signs of malicious email and other dangers online. Include how-to links in a form email when appropriate.
The following example of an unverifiable form email requests student banking information via email. The greeting is generic and impersonal, and it doesn't provide a URL for the recipient to copy and paste into a web browser. There is no contact information, making it impossible for the recipient to securely verify the information in the email.
What Not to Do When Writing a Form Email
We have received notification from your bank that your direct deposit has been returned because of an incorrect checking account or bank routing number. Please verify your banking information and correct it using the Direct Deposit website and respond to this email or request a paper check by responding to this email. I have inactivated your direct deposit.
What to Do When Writing a Verifiable Form Email
[Student First and Last Name],
[Department Name] has received notification from your bank that your direct deposit was returned due to an incorrect checking account or bank routing number.
To update or correct your banking information, log into [Direct Deposit website URL without HTTP://] with your UARK username and password.
To validate the legitimacy of this email or for assistance, contact [Department Name] at 479-575-xxxx or email@example.com.
Staff and/or Department Name
Departmental Campus Address