Microsoft Office 365: Safe Links

DoTS has enabled Microsoft Advanced Threat Protection’s Safe Links feature. This is one component of Microsoft’s strategy for protecting people from account compromise, malware, and viruses. It allows DoTS, using artificial intelligence and manual intervention, to identify dangerous links in an email and block the recipient from getting to the web page. This helps minimize the spread of common phishing attempts and web site delivered malware.

How does Safe Links work?

Safe Links identifies all links (URLs) in an email and rewrites the links to direct them to a single Microsoft hosted website. When a link is selected, Microsoft compares the actual address with known bad addresses and analyzes the site for malicious content. If the site is considered safe, the browser is redirected to the original site. If the site is found to be malicious, you are directed to a web page stating the site has been blocked (see below). Safe Links works quickly behind the scenes to help improve safety. You do not have to do anything to take advantage of the service.

With Safe Links can I just click on any link in an email?

No. Safe Links provides an additional layer of protection but no solution is 100% effective. You should still be cautious when clicking any link in an email.

Changes to links (URLs) in email

After links are rewritten by Safe Links, they appear different. In HTML formatted email. Hovering over the rewritten link displays "original URL" followed by the actual address.

In plain text email, you see a long address that looks very different than the original URL. The term "safelinks" is in the URL. The original address is everything between "URL=" and "&data=" in the rewritten address. (Note: %3A represents a colon; %F2 represents a slash.) See the highlighted section below. You can also paste your link into this page to decode it: https://www.o365atp.com/

Once Safe Links has rewritten a URL, if the message is forwarded or replied to, the URL will remain rewritten.

How Can I Report a Suspicious Email?

Selecting "Report Message" in Microsoft Outlook allows you to report any email message as junk or phishing. When you report an email using the button, the message is removed from your inbox and it is sent to Microsoft to help train our system to block similar email in the future. It will also send a copy to DoTS to help us better understand active phishing activity.

If you receive a phishing email and simply viewed the content, please report it using this feature. If you entered your username or password through a link in the email or if you opened and attempted to edit a Microsoft Office file attached to a suspicious email, please contact DoTS directly.