Introducing Safe Links

trish IT News, O365, StirCyberSec

protecting you from malicious links in email

In summary

  • Safe Links is a Microsoft security feature that checks every link you click in an email for malicious content and blocks access if content is suspicious
  • It changes the URL of the link briefly to direct it through the checking servers. Links are prefixed with https://eur03.safelinks.protection.outlook.com/
  • If you (staff) are having difficulty seeing the original URL in an email link, install Microsoft Office 365 Click to Run (CTR) from Software Centre/RAP. CTR allows you to mouse over a link in an email and see the original URL. CTR is the new version of Office, it will remove Office 2016 and update all of your MS software to the latest version.

What is ATP Safe Links?

ATP Safe Links is part of Microsoft Advanced Threat Protection (ATP). This feature rewrites every URL found in an incoming email in order to redirect users through a Microsoft proxy server which checks at the time of click if the URL is safe to view.

When a URL in an email or Microsoft Office Online document is clicked, Safe Links performs a scan to determine if the hyperlink is malicious. Safe Links also scans any documents available on that link at the time of click to prevent malicious file downloads to your system.  

If the link is determined to be safe to view, you will proceed as expected; if the link is determined to contain malicious content, your are redirected to a warning page instead. 

Only incoming links are rewritten. When a user writes an email to an external party, the URLs in that message are not rewritten

What are the benefits of ATP Safe Links?

  • Because we all share many links via email, Safe Links helps to prevent inadvertent access to malware through links and attachments. The solution is seamless from a user experience perspective, and the product is unobtrusive, working efficiently in the background.
  • While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. If a link is unsafe, the user is warned not to visit the site.
  • ATP provides the ability to manually block URLs. Phishing URLs in email messages do not normally contain malicious content, but have a malicious intent. This feature allows Information Services to manually block unwanted URLs to further protect Stirling from phishing emails.
  • IS removes mass phishing messages from Stirling’s mailboxes – however this procedure does not protect users that forward their email outside of Office 365. ATP Safe Links continues to protect mail that is forwarded. When a link is blocked, it continues to be blocked even after being forwarded outside of Stirling mailboxes – providing better protection.
  • Reporting is available, so administrators can track which users clicked a phishing link and can warn them to change their password to prevent compromising their accounts.

What does ATP Safe Links look like? 

The hyperlink in every email that you receive will be rewritten and appear differently than they are currently displayed. The new URL will start with this prefix (or similar), the rest of the URL is very long.

https://eur03.safelinks.protection.outlook.com/

What do I do if I see a phishing email in my inbox?

When you see a suspicious email please forward the message to the Information Centre this is a monitored email address. When IS identifies a URL that is malicious, we can put the URL in a block list.

What do I do if I am blocked from accessing a legitimate website?

Contact the Information Centre to report any false positives, a white list is available to help manage URLs that should not be scanned.

Having any issues with Safe Links?

Safe Links works best with the latest version of Office on your computer. In Office 2016, you may not be able to see the original url of a link in email when you mouse over it. This can be easily rectified by upgrading your device to Microsoft Office 365 Click To Run (CTR). Click to Run is the latest version of the Office software. It is available to all staff via Software Centre/Run Advertised Programmes on domain PCs/laptops. Installing Click to Run will remove Office 2016 and replace the various Office apps (Word, Excel etc) with the new versions.

Credits
Article draws heavily from a Queens University web page 🙂