These tips help ensure your messages feel legitimate, clear, and easy for people to act on. They鈥檙e designed to reduce confusion, prevent false phishing reports, and build trust with your audience.

Use official mailing groups

When communicating with medium to large audiences, use official mailing lists or groups to increase trust and legitimacy. This:

• Lets recipients look up the owner of a 91黑料网 group and contact them directly if they have concerns.
• Avoids reply鈥慳ll scenarios that can quickly frustrate recipients. Tip: make sure your mail-enabled groups have been configured to restrict who can use them for sending.
• Shows that the message is intentionally meant for that specific audience.

Avoid sending important notices from unfamiliar third鈥憄arty tools or external senders unless people have been told ahead of time, through an official channel, to expect it.

Keep communications safe and secure

To protect your audience:

• Never ask for personal, financial, or account information by email or other communications channels. If you must request this type of information, it should be sent via a vetted secure file transfer solution or entered directly into a 91黑料网 platform designed to store this information.
• Keep personal details out of your content. For example, birthday wishes are great on their own, no dates or specifics needed.
• Help people easily confirm your message is legitimate:
  • Mention where they can find a matching announcement or reference on a trusted 91黑料网 site.
  • Provide the names of contacts that they can reach out to directly, instead of replying to the email.
  • Reference previous emails on a subject when sending out reminders or updates. Provide the subject line and the date and time, so users can search their mailbox.
• Offer alternatives to clicking on links. Tell people how to find the information on their own. Not everyone likes clicking links in emails; and that鈥檚 a good security instinct.
  • 鈥淵ou can also find these instructions in the Financial Services Knowledge Base (FSKB).鈥�
  • 鈥淪earch for this file by its title in Office 365.鈥�
  • 鈥淰isit the homepage and look for under Announcements.鈥�
• Links are both convenient and a major source of distrust for recipients. To increase trust and user safety:
  • Assess if you really need links that take people directly to a login page. When you do, you MUST provide alternative navigation instructions.
  • Avoid shortened links or external URLs people may not recognize.
  • Include fewer links overall: quality over quantity.

Give people time

Whenever possible:

Longer timelines reduce anxiety and help people feel confident the request is genuine.

Avoid 鈥減hishy鈥� language

We continuously work to train the 91黑料网 community to be cautious about messages that sound alarmist or pushy. To keep communications friendly and trustworthy:

Do: Use calm, plain language

• Explain what you need them to do in simple terms.
• If you鈥檙e asking them to verify something within a 91黑料网 system, clearly explain why and where they should go.
• Give instructions such as:
  • 鈥淪earch for the document title in Office 365.鈥�
  • 鈥淕o to Workday and follow this menu path鈥︹��

Scary/urgent language is one of the most common red flags in phishing - people are trained to report it. When multiple people report a message as phishing, our automated detection systems may act to protect users from it, even if it is legitimate.

Don鈥檛: Use language associated with scams and phishing

Avoid phrases like:

• 鈥淎ction Required鈥�
• 鈥淚mmediate Action Needed鈥�
• 鈥淯谤驳别苍迟鈥�
• 鈥淔inal Notice鈥�
• 鈥淐onfirm your information鈥�
• 鈥淐lick here to update your information鈥�

Write clear, consistent, and polished messages

A well鈥憌ritten message goes a long way in building trust.

• Keep formatting clean and professional.
• Check spelling and grammar.
• Send from an official mcgill.ca email address whenever possible.
• Use consistent branding and visual cues that people already recognize. This helps add a layer of trust. However, attackers regularly steal and use branding, so don鈥檛 rely solely on this as a way of adding authenticity to your message.

Encourage safe habits by embedding best practices into the emails you send

You don鈥檛 need lengthy warnings; a light touch goes a long way. Remind people:

• If something feels off, they should verify using a method they already trust (e.g., logging into the system directly). "No need to click this link - go directly to Office 365 and search for this file by its title."
• Never reply to messages asking for sensitive info.
• They can report anything suspicious through our designated phishing and spam reporting tools.

If you are sending out marketing/promotional emails, or emails that aren't essential to the role of the recipient, you must include an Unsubscribe option.