On August 30, 2022, UW-IT will implement a new security feature, ProofPoint’s URL Defense, that will help block harmful attacks that are distributed through specific kinds of emails referred to as phishing or spear phishing.
- This new capability, URL Defense, provides an added layer of protection in your UW email by blocking access to web pages or URLs that are suspected to be malicious.
- While ProofPoint’s URL Defense mitigates the threat of malicious links in email, it doesn’t guarantee that every link contained in the incoming (external email to @uw.edu) is safe to click. Please continue to exercise caution when inspecting URLs embedded in email.
Domains that end in uw.edu or washington.edu will not be rewritten.
Why this change and why now?
Cyber thieves and other adversaries use phishing messages, as well as more specifically targeted attacks known as spear phishing, to try to steal UW NetID credentials and other account passwords. Such messages often contain links that lead to phony web pages that have been designed to trick end users into either entering their UW credentials or downloading malicious software (malware) programs. These web pages may look like legitimate websites because they are stylized with logos and other design features copied from, for example, legitimate UW web pages.
Their tactics and goals may vary, but typically scammers may be searching for personally identifiable information (PII), such as Social Security numbers, credit card and bank account numbers and passwords, and any data that they can use to either access financial accounts or sell on underground forums. They also may be looking for ways to infiltrate University systems and networks to continue to compromise accounts and steal data. In some cases, they may be trying to deliver ransomware, a type of malware that locks up data and devices until a sum of money is paid to the cyberthieves. More information about common scams, phishing emails, and ransomware can be found on our Scams, Phishing Examples, and Ransomware web pages.
URL Defense is being implemented to block these potentially harmful attacks and mitigate their impact on the UW community.
How does it work?
Certain links in email messages are evaluated to determine if they may lead to phishing or malware-infected websites. These links, after being evaluated, will be rewritten. This means URL Defense will add on (in brackets) the source domain and when you hover over the link, you will be able to see the full URL. If you click on a link that was evaluated and suspected to be a malicious website, you’ll see a notification (like the one after this paragraph) that you’ve been blocked from that site.
How do you enable it?
There is nothing you need to do to enable this new feature, which will be implemented on all accounts that forward to UW Google and UW Exchange.
Proofpoint already operates at many major research universities, more than half of the Fortune 100 companies—including leading global banks and retailers—and major pharmaceutical companies.
What if a link was wrongly blocked and you actually need access?
If a link is blocked, you can request the link be reviewed and the block removed if the website is not malicious. To request a review send an email to help@uw.edu with “URL Rewrite Block Removal” in the subject.
More information on IT Connect:
Proofpoint Targeted Attack Protection URL Defense