Why URL link defense is so important

Receiving phishing emails is scary enough. Is it actually a genuine email? Is that link pointing to something that actually does what the email tells me?

Unexpected emails may show up at any given moment. The timing itself is often an indicator of something fishy (pun intended).

I received an email from a Chinese shipping company telling me that I have 6 outstanding emails which I need to review on their portal. That already is very peculiar, as I’ve never dealt with that company, but given the fact that I had ordered something on eBay from a Chinese seller, it could’ve been a genuine request.

My emails go via Proofpoint, and they had already flagged the message as potentially malicious and kept it quarantined for me to review first. I released the email on purpose so it ended up in my mailbox. The links in those emails are rewritten by Proofpoint so that each click is checked first and, if the destination is found to be malicious, access is blocked.

I used a separate, isolated computer to click on that link and see what happened. As expected, the URL defense mechanism of Proofpoint successfully blocked the page.

This also works asynchronously. What do I mean by that?
When an email passes through the Proofpoint system, the linked site may not have been checked yet, or may have been checked and found to be unproblematic. Many malicious actors use this technique to bypass the training algorithms of existing spam checkers and security solutions: only after a while do they load malicious software onto these sites. Because the email was never classified as spam or malicious, it still sits in your inbox, with that same link now having become a dangerous gateway for hackers and scammers.

As Proofpoint has changed the link to first pass their systems, they can always flag the site as malicious and still block it, as happened in my case above, even though it did not block or quarantine the email in the first place.
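
A minimal model of the time-of-click check described above, added here as an illustration; it is not Proofpoint's implementation. The gateway address, the class and the `portal.example` host are hypothetical, and the sample message is constructed.

```python
import re
import secrets
from urllib.parse import urlsplit

GATEWAY = "https://gateway.example/click"  # hypothetical rewriting gateway
URL_RE = re.compile(r"https?://[^\s<>\"']+")


class ClickTimeGateway:
    """Toy model: links are rewritten at delivery, verdicts are looked up at click."""

    def __init__(self):
        self.targets = {}       # token -> original URL
        self.blocklist = set()  # hostnames currently known to be malicious

    def rewrite(self, body):
        """Replace every URL in a message body with a link through the gateway."""
        def swap(match):
            token = secrets.token_urlsafe(8)
            self.targets[token] = match.group(0)
            return f"{GATEWAY}/{token}"
        return URL_RE.sub(swap, body)

    def click(self, rewritten_url):
        """Decide at click time, using the reputation data available now."""
        token = rewritten_url.rsplit("/", 1)[-1]
        original = self.targets.get(token)
        if original is None:
            return ("block", None)  # unknown token: fail closed
        if urlsplit(original).hostname in self.blocklist:
            return ("block", original)
        return ("redirect", original)


def demo():
    gw = ClickTimeGateway()
    # Constructed sample message; portal.example is a placeholder host.
    delivered = gw.rewrite("You have 6 messages: http://portal.example/inbox?id=1")
    link = URL_RE.search(delivered).group(0)
    before = gw.click(link)             # site still looks clean when the mail arrives
    gw.blocklist.add("portal.example")  # reputation data changes after delivery
    after = gw.click(link)              # same link, still in the inbox, now blocked
    return delivered, before, after


if __name__ == "__main__":
    print(demo())
```

The message in the inbox never changes; only the verdict behind the rewritten link does, which is why a link that passed at delivery can still be blocked later.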

This is a very powerful security mechanism to have in place and I would recommend keeping it enabled at all times.

Contact us for more info.

Kind regards

Erwin van Londen
