This guide describes how administrators can verify a URL that has been rewritten by Targeted Threat Protection - URL Protect. This is important, as the original URL can tell you a lot about where you are about to go.
Overview
- Suspicious redirects: Multiple redirects or redirects to unfamiliar domains may indicate malware or phishing attempts.
- Unfamiliar or suspicious URLs can be checked with a service like VirusTotal, for example when the original domain differs significantly from the destination domain, or when links differ significantly from the official website of the purported sender. The service reports whether the URL is flagged as malicious.
- You can also check URLs via Check & Decode URLs in the Mimecast Administration Console.
- Alternatively, URLs that haven't been rewritten by URL Protect can be verified by other methods, such as using a search engine (Google, etc.) to check whether the link is associated with known phishing or malware attacks, or by using a service like VirusTotal.
Verifying a URL
You can verify a URL by using the following steps:
- Right-click the URL.
- Click Copy Hyperlink.
- Paste the URL into your browser, but add a + to the end. For example, if the following protected link is issued:
  https://url.uk.m.mimecastprotect.com/s/F6rYCAW0hl6wn3CQg3QZ
  Add a plus sign at the end:
  https://url.uk.m.mimecastprotect.com/s/F6rYCAW0hl6wn3CQg3QZ+
- Press Enter.
- Review the Original URL to ensure it is safe to go there. This URL isn't clickable to prevent access to the URL before our security checks have been performed. Do not copy and paste the exposed link for the same reason.
If you have the Display URL Destination Domain option selected in your URL Protect definition, the destination domain of the URL will be visible at the end of the rewritten link. For example, https://protect-eu.mimecast.com/s/F6rYCAW0hl6wn3CQg3QZ?domain=exampledomain.com.
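The steps above, together with the destination-domain check, can be applied to links pulled from a reported message without opening them. The following Python sketch is an added example, not Mimecast code: the host suffixes are generalised from the two example links in this guide, dropping the ?domain= query before appending + is an assumption, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: suffixes generalised from the two example links in this guide;
# adjust to the hosts your own tenant's rewritten links use.
REWRITE_SUFFIXES = ("mimecastprotect.com", "mimecast.com")


def _split(url):
    parts = urlsplit(url.strip())
    return parts, (parts.hostname or "").lower()


def is_rewritten(url):
    """True only for https links on a rewrite host with a /s/<token> path."""
    parts, host = _split(url)
    on_host = any(host == s or host.endswith("." + s) for s in REWRITE_SUFFIXES)
    has_token = parts.path.startswith("/s/") and len(parts.path) > 3
    return parts.scheme == "https" and on_host and has_token


def preview_url(url):
    """Append '+' to the token so the Original URL page is shown, not a redirect."""
    if not is_rewritten(url):
        raise ValueError("not a URL Protect rewritten link")
    parts, host = _split(url)
    # Assumption: any ?domain= query is dropped; the guide shows '+' on the bare token.
    path = parts.path if parts.path.endswith("+") else parts.path + "+"
    return f"https://{host}{path}"


def destination_domain(url):
    """Destination domain from ?domain=, or None when the option is not enabled."""
    parts, _ = _split(url)
    values = parse_qs(parts.query).get("domain")
    return values[0].lower().rstrip(".") if values else None


def triage(url, expected_domain):
    """Summarise one link; expected_domain is the purported sender's official domain."""
    rewritten = is_rewritten(url)
    dest = destination_domain(url) if rewritten else None
    exp = expected_domain.lower()
    differs = dest is not None and not (dest == exp or dest.endswith("." + exp))
    return {
        "rewritten": rewritten,
        "preview": preview_url(url) if rewritten else None,
        "destination_domain": dest,
        "domain_differs": differs,
    }
```

The host check matches on a dot boundary, so a lookalike such as protect-eu.mimecast.com.evil.example (constructed) is reported as not rewritten and should be verified by the other methods listed in the Overview.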
See Also...
- Configuring URL Protect Definitions
- For detailed information on how to configure, optimize, integrate, and troubleshoot, see the Knowledge Hub.