Hackpads are smart collaborative documents. Join Hackpad Now.

Sheryll Sulit

19 days ago
Unfiled. Edited by Sheryll Sulit 19 days ago
Links in emails and texts are useful for users, but they can also pose a phishing risk.
  • To include links you’ll have to show that the level of risk is appropriate. For example, if you send a tax reminder and include a link to where the user can pay tax, that’s useful. If the only risk is that someone else pays that user’s tax, that’s probably an appropriate level of risk.
  • Links should only be to pages on GOV.UK, preferably the transaction start page.
  • Links should not go to a page immediately asking users to provide login details.
  • We still need to pass this by an information security expert
  • Personal information
  • Do not include any personal information that can be used to gain access to the account or more personal information (eg through the call centre).
  • Assume that the notification could be read by anyone, not just the recipient.
  • Include information that only the service would know (eg first name). This helps to build trust that the notification is from a Government service.
  • We'll review the notifications and links, and ask for changes if necessary

Contact Support

Please check out our How-to Guide and FAQ first to see if your question is already answered! :)

If you have a feature request, please add it to this pad. Thanks!

Log in / Sign up