With the recent implementation of a new email gateway at LCC, ITS is implementing advanced security features. One change you will notice is what pops up when you use the “hover” technique, placing your mouse pointer over a link in an email to see the website address.

This is an important change to pay attention to because it will affect how you evaluate links in emails. The address that pops up will look more complicated – and possibly more “phishy” – than it has in the past, but read on to see how you can quickly become familiar with reading this new format.

 

New feature: URL Rewriting

This new security feature rewrites the website link, meaning it changes the website address in the email to include the security scanning site. The scanning site analyzes links in emails for legitimacy and protects users who open malicious links. 

For instance, in our old email system, when you hovered over a youtube.com link that someone external to LCC emailed you, you might see:

In our new email system, the website address that pops up when you hover over the link is modified to include the security scanning system, called URL Defense. In this case, when you hover your mouse over the link, it will show:

You will see that the link now begins with “urldefense.com”. When you open the link, your browser will open the URL Defense website and scan the website (in this case, it’s www.youtube.com). If it’s not malicious, you will be redirected to the website. If the site is malicious, you will be directed to a splash page (a warning website) that will ask if you really want to go to the site. (If this happens, we recommend closing the browser window.)

 

How to read the new links

When examining the new format of URLs in emails, you can ignore the first portion that includes “urldefense.com” and ends with multiple underscores, such as: “https://urldefense.com/v3/__”. You also can ignore the portion after the second set of multiple underscores (the part that looks a bit like gibberish). The true address is between the multiple underscores.

For example, if this is what is shown when you hover over a link in an email:

https://urldefense.com/v3/__https://www.youtube.com/__;!!IgnU!Ue-RCgPV1fz3ZFauZzQ5hbJK-C0rHN3u8SX1mVhIgT2JFCyTe09c6mVsGGPAvnju2l5t6Di_rLfBsYx0zRlNlItjDA$

You can see:

• The beginning portion that’s inserted by the new email gateway system: https://urldefense.com/v3/__
• The true URL, https:/www.youtube.com, which starts after the first set of multiple underscores, and end before the second set of underscores.
• The remaining characters (__;!!IgnU!Ue-RCgPV1fz3ZFauZzQ5hbJK-C0rHN3u8SX1mVhIgT2JFCyTe09c6mVsGGPAvnju2l5t6Di_rLfBsYx0zRlNlItjDA$) that are added by the URL Defense scanning service and can be ignored.

It’s easy to read the links once you know what to look at!

 

Links in internal emails

Links in emails between LCC users do not get rewritten and scanned by URL Defense. This is because those emails remain within our Microsoft domain and do not pass through the enhanced scanning service.

If you have any questions or need further info, please contact the ITS Division’s Director of Information Security Paul H. Schwartz at schwarp1@lcc.edu.