Safe Links Are Not Safe

Many organizations love the comfort that comes with Secure Email Gateways (SEGs) rewriting URLs contained within an email, otherwise known as “safe links”. But is this perceived comfort actually giving email users a false sense of security? Our experience has shown that “Safe Links” is just a big ol’ oxymoron.  Safe links are creating misleading reassurance and making people think they are 100% safe to click on the link.  Users naturally let their guard down and become even more prone to click on links because they think they are harmless. This is a recipe for disaster.

Did you know that safe links are ONLY scanning the link once it is clicked? This means these bad emails stay in the mailbox, making it easier for attackers to weaponize the links right at the moment they are clicked with a newly undetected malicious page.  This “reliable” feature is bound for manipulation and bypassing techniques that easily overcome re-writing algorithms leveraged by SEGs.

Organizations want/need to be secure and to prevent as many malicious URLs and attachments from reaching their employees. No one wants an employee to fall for an attack! The appropriate way to do this is by removing the inbound malicious links for employee’s mailboxes and eliminating them for them inbox.

Rather than leveraging the SEG approach of URL rewrites/safe links, we believe there’s a better way to solve this problem. The IRONSCALES approach is to remove all malicious links, attachments, and fake login BEFORE they reach the end user’s inbox. This gives the end user zero chance to fall for, click on, or enter username/password for any malicious content.  With our approach, the threatening email is put in a hidden deleted items folder creating actual security from the phishing attack.

But we don’t stop there. In addition to providing a best-in-class, AI/ML-focused solution to prevent the malicious content from getting to your end users inboxes, we also include hyper focused user training to help your end users to become more able to spot advanced email phishing attacks.  We believe every single organization should want their end users to have a healthy distrust of email and know the common red flags for phishing emails. This is the power of an integrated email security solution – a platform that both keeps the bad stuff out, but also conditions your end users to effectively recognize threats.

If you had to choose between Door # 1 (Safe Links misleading your employees) or Door 2 (Malicious Content quarantined and pulled pre-delivery, conditioning your users to read emails with a healthy understanding of the threats that could be out there), which one would YOU choose to protect your organization?

For more information, please visit us today at www.ironscales.com