Security & Compliance
When clicking on a web link in an email, people don’t really know where the link will take them. Malware distributors use disguised links to fool people into visiting sites that attempt to install malicious code. Click and… CRASH.
Links might appear legitimate but have a letter missing or altered, such as “wikipedia.com” appearing as “wikipidia.com”. Another trick is to embed a hyperlink whose actual destination is different from the link text shown in the message. Short links from services like Bitly and TinyURL are great for fitting long links into email, Twitter and Facebook messages, but can also be used to hide malicious websites.
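The three disguises above (an altered domain name, link text that differs from the real destination, and a shortened link) can each be checked mechanically when an email arrives. The Python below is an added example, not code from the original page or from any product; the `KNOWN_DOMAINS` and `SHORTENERS` lists, the 0.85 similarity cutoff and the sample email body are assumptions made for illustration.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy data for this example; a real scanner would load these from configuration.
KNOWN_DOMAINS = {"wikipedia.com", "paypal.com"}
SHORTENERS = {"bit.ly", "tinyurl.com"}
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}([/?#]\S*)?$", re.I)

def host_of(text):  # host of a URL or bare domain (lowercase, leading www. dropped), else None
    text = text.strip()
    if not URLISH.match(text):
        return None
    host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    return host[4:] if host.startswith("www.") else host

class AnchorCollector(HTMLParser):  # gathers (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit(html):  # returns [(href, [flags])] for each link in an HTML email body
    collector, results = AnchorCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        target, shown, flags = host_of(href), host_of(text), []
        if target and shown and target != shown:  # visible domain is not the real destination
            flags.append("text-href-mismatch")
        if target in SHORTENERS:  # final destination is hidden behind a redirect
            flags.append("shortener")
        if target and target not in KNOWN_DOMAINS and difflib.get_close_matches(target, KNOWN_DOMAINS, 1, 0.85):
            flags.append("lookalike")  # nearly, but not exactly, a protected domain
        results.append((href, flags))
    return results

SAMPLE = ('<a href="http://wikipidia.com/wiki/Main">wikipedia.com</a> '  # constructed email body
          '<a href="https://bit.ly/EXAMPLE">Your invoice</a> '
          '<a href="https://www.paypal.com/signin">www.paypal.com</a>')
```

Calling `audit(SAMPLE)` flags the first link as both a mismatch and a lookalike, the second as a shortener, and leaves the third clean.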
Phishing scammers send messages that pose as legitimate companies to deceive people into giving up personal or financial information. Here again, the links and destination websites appear legitimate, such as PayPal or a bank, but are not. Any personal or account information provided could be used for identity theft.
Among the myriad internet security threats, malicious URL links are prevalent enough that companies rightly want to protect their users from them.
It will help if users appreciate the risks associated with email URL links and can take proactive measures themselves to avoid security problems. Educate users about what to look for and what to do:
Beyond educating users about these common pitfalls, the best approach for companies is to use real-time URL scanning and protection.
Antivirus or anti-malware software or cloud services can include this feature. It automatically scans incoming emails for suspicious URL links and flags them. It may also scan a link again when you click on it.
Based on the policies set by administrators and the severity of the threat, one of several actions is taken:
Depending on the response, some user discretion is involved, which again affirms the need to educate users about the risks involved with clicking on unfamiliar or suspicious links.
In enterprise-class email protection solutions, administrators should be able to set the URL link scanning policies for all users. These generally are based on the groups and domains to which users belong.