Email Protection - Web Links
Summary
IWU Information Security [IS] has enabled a control mechanism within the IWU email system that is called Time-of-Click protection. This feature protects against malicious URLs in email messages. The feature rewrites suspicious URLs ( web links ) in email messages for further analysis. The system [Trend Micro] analyzes a rewritten URL every time the URL is clicked and applies specified actions based on the risk levels of the URLs
There are four ratings for analyzed URLs and what the system will do when they are clicked on:
- Dangerous - The URL will be blocked and a warning page will occur
- Highly Suspicious - The user will get a 'warning' page but the page can then be bypassed by clicking on 'continue to this website'
- Suspicious - The user will get a 'warning' page but the page can then be bypassed by clicking on 'continue to this website'
- Untested - The user will get a 'warning' page but the page can then be bypassed by clicking on 'continue to this website'
It is highly recommended to report any links within an email that, when clicked, show a warning page to report to Information Security via the REPORT PHISH tool.
How the Filtering Works
- When an email comes into a user's inbox it will immediately be analyzed by the feature.
- The URL will then be categorized and rewritten if necessary based on the rating system if applicable. If the URL is safe then it will not be re-written and no warning page will occur when the user clicks on the link.
- Once a user clicks on a link it will either go straight to the desired web page OR a warning page [examples below]
Figure 1.
This example page does not offer the ability to bypass so it would be advised to report the email this URL was present in to Information Security by using the REPORT PHISH tool.
Figure 2.
This page has not been tested by the security vendor but does give the user the option to 'continue to the website'. It is still advised to report untested websites to the Information Security Office to be checked as most malicious sites are newly generated and may not be tested.