June 20th, 2013

Prevent email phishing attacks with real-time link click protection

LuxSci’s Premium Email Filtering service, which works with LuxSci-hosted and externally-hosted email, has a little known feature called “Click Protection” which actively protects end users from phishing attacks and malware.

Some of the most common forms of malicious email involve links which:

  • Send you to a “phishing” web site: one which looks like a legitimate site (e.g. Bank of America) but which is not. These sites try to get you to give up personal or financial information for malicious uses. More on phishing and social engineering.
  • Send you to a site infested with malware: sites which include content that downloads viruses, spyware, or other unwanted programs onto your computer without your consent or (sometimes) even your knowledge. All you have to do is click on the link and you could be infected (depending on what security vulnerabilities are currently open on your computer / browser).

These are nasty. Premium Email Filtering (and indeed many filtering solutions) try to detect such emails and links in messages and block the messages outright as malicious. However:

  1. For new threats, some messages may get through to recipients before these web sites are identified as malicious.
  2. The links may point to valid malicious web sites which later, after the emails are successfully delivered to the unsuspecting recipients, are updated to contain malicious content.

So, it is quite possible for email messages with not-yet-malicious or not-yet-known-to-be malicious links to make it through any filtering system and land in your user’s INBOXes, endangering their computers and identities.

What to do?  Enter “Click Protect”

When you enable the “Click Protect” feature of LuxSci Premium Email Filtering (it is off by default):

  1. All links in filtered email messages are replaced new links
  2. When a user clicks on these links:
    1. The destination page is analyzed and scanned right then to see if it is currently malicious
    2. User can be blocked from unwittingly accessing malicious web sites
    3. Email click-throughs are logged and administrators can see audit trails of this activity.

The system is about as good as you can get because:

  1. The target web site is scanned in real time, right before you access it … so if it has changed and gone from “good” to “bad”, you will not go to the “bad” version.
  2. It does not rely solely on databases on bad sites, it actively scans the web sites using McAfee scanning software each time you attempt access.
  3. Even the most technical users can be lax or distracted and accidentally click on a link that would be hazardous — this service protects them and works no matter if they are accessing email from a program (like Mac Mail, and iPhone, or Outlook) or from WebMail.

LuxSci Customers with Premium Email Filtering can enable and configure Click Protect in the Premium Email Filtering portal.

Leave a Comment

You must be connected or logged in to post a comment. This is to reduce spam comments.

If you have not previously commented, you can connect using existing social media account, or register with a new username and password.