Avoid writing emails that look like phishing messages

Published October 14, 2021

by Grace Golabek

Phishing attempts—fraudulent emails designed to trick people into revealing sensitive personal information—are especially insidious because they often claim to be from a trusted source, like a colleague, or your bank… or your university.



UBIT Student Ambassador Grace Golabek.

Grace Golabek (UB student, Class of 2019) is a Business major with a minor in Mandarin Chinese. After graduating from UB, she hopes to attend law school, pursue a career as a civil rights attorney, and revive the trend of pink business suits. A Hamburg, NY native, Grace enjoys conspiracy theories and writing.

Because scams routinely impersonate people or institutions we trust, people may be more cautious about the messages they receive, even from trusted sources. This vigilance is generally a good thing—however, if you’re responsible for sending out important information for your department or organization, you might find it more difficult to get your message across.

Here are a few things you can do to avoid giving your emails the appearance of a phishing attempt, and give your recipients confidence that your communication is legitimate.

Point to a legitimate online source

If you’re notifying customers of an important change or asking them to take action on something, publish the relevant details on a prominent part of your official website.

That way, you can refer them to an official source where they can easily find the information, verify that it is accurate and take the necessary next steps.

Don’t link to third-party apps or content

Likewise, avoid using any links in your email that point to unofficial, or third-party, sites or information. If you’re using third-party tools, like an app for taking surveys, link to the app on your official website, and direct your audience there instead.

Whenever possible, direct your recipients to the information they need using words, rather than web links, which can be easily falsified and used as a tool for phishing.

Include a real person’s full contact information

While phishing emails can, and often do, impersonate real people, it’s important to include contact information for a person who can provide more information and answer questions.

In addition to being helpful, this allows readers to check your official website to ensure the contact information matches a real person associated with your organization.

Keep it professional

Phishing emails are known for their spelling and grammatical errors. Part of sending professional communications is taking the time and effort to ensure that your message is thoughtfully conveyed in a clear way that is respectful of and appropriate for your audience.

You can ensure your communications seem professional—and combat any suspicion about the legitimacy of their source in the process—by making sure they:

  • Are clear about their purpose, stating the topic directly, then staying on topic; avoid any “bait and switch” tactics or provocative, “clickbait”-style statements or questions.
  • Avoid spelling errors, and avoid non-standard spelling and grammar like multiple punctuation marks, words in all caps etc.
  • For written communication, avoid multiple fonts and colors, and make use of any official brand colors and images. For email subjects, remove any mentions of Re: or Fwd:.

Stay safe

It is always a good idea to education yourself, your colleagues and your audiences on how to avoid phishing attempts and other scams. You can see samples of real phishing attempts on the UBIT website, and find out how to recognize a phishing attempt and report suspected phishing attempts sent to your UBmail address.