How Rotate Identifies and Stops Phishing Links in Emails

Rotate uses a multi-layered approach to identify malicious URLs and prevent users from falling victim to phishing attacks:

1. URL Reputation Analysis

  • Checks links against a constantly updated database of known phishing domains and blacklisted URLs.
  • Identifies newly registered domains that are commonly used in phishing campaigns.
  • When an email contains a URL, Rotate analyzes the link in real time before allowing delivery.
  • Shortened links (e.g., bit.ly, tinyurl) are expanded to reveal their true destination.

3. Behavioral and Heuristic Analysis

  • Examines URLs for suspicious patterns, such as typosquatting (e.g., "g00gle.com" instead of "google.com").
  • Detects unusual domain structures, random subdomains, and misspelled brand names.
  • Identifies links that use redirect chains to evade detection.
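
An added sketch of the typosquatting and brand-in-subdomain checks this section describes. It is not Rotate's code; the brand list, look-alike table, distance threshold and verdict names are assumptions chosen for illustration.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed brand list and look-alike table, constructed for this example.
BRANDS = ["google.com", "microsoft.com", "paypal.com"]
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_labels(url: str) -> list:
    """Lower-cased host labels of a URL, with or without a scheme."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.rstrip(".").lower().split(".")


def classify(url: str, max_distance: int = 1) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched brand) for the link's host."""
    labels = host_labels(url)
    # Simplification: last two labels stand in for the registered domain;
    # a production check would consult the Public Suffix List.
    domain, subdomains = ".".join(labels[-2:]), labels[:-2]
    if domain in BRANDS:
        return "legitimate", domain
    folded = domain.translate(LOOKALIKES)  # g00gle.com -> google.com
    for brand in BRANDS:
        if edit_distance(folded, brand) <= max_distance:
            return "lookalike", brand
    for brand in BRANDS:
        # Brand name used as a subdomain of an unrelated domain.
        if brand.split(".")[0] in subdomains:
            return "brand-in-subdomain", brand
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://g00gle.com/reset", "https://accounts.google.com/",
                 "https://google.com.login-check.example/verify"):
        print(link, classify(link))
```

Plain Levenshtein distance counts a swapped pair of letters as two edits, so transposition typos need a higher threshold or a Damerau-style distance.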

4. Email Content Contextual Analysis

  • Scans the email body for common phishing indicators, such as urgent requests to reset passwords or verify accounts.
  • Analyzes the relationship between the sender, the link, and the expected content.
  • Rotate can open suspicious links in a secure, isolated environment to analyze their behavior before allowing access.
  • Detects credential harvesting attempts, drive-by downloads, and exploit kits.

6. User Protection and Warnings

  • Rotate blocks malicious links or rewrites them to prevent users from accidentally clicking on them.
  • Provides real-time alerts if a user attempts to visit a suspicious site.
  • Logs phishing attempts for security teams to investigate and take action.

Frequently Asked Questions

Add-On
What is the Email Add-On?

The Email Add-On is a tool designed for Gmail and Outlook that helps you identify and manage malicious emails, including spam, phishing attempts, and malware. It enhances your email security by reporting suspicious emails and managing your personal spam list.

Mail Rules
Why are mail rules a security risk?

Mail rules can be exploited to exfiltrate data, hide security alerts, or modify incoming messages. Attackers often use forwarding rules to silently send emails to external accounts or create rules that auto-delete security notifications, making it harder to detect compromises.

Posture
Why is email security important?

Email is a common attack vector for phishing, spoofing, and other cyber threats. Properly configured DMARC, DKIM, and SPF records help prevent unauthorized parties from sending emails on behalf of your domain, protecting your organization from email-based attacks.

Scanning & Detection
What actions can I take on a malicious email?

When a malicious email is detected, you can take the following actions:

  • Block the email to remove it from the user’s inbox.
  • Release the email after it’s been blocked, putting it back in the inbox.

Can I deactivate Rotate Mail Scanning on a specific mailbox?

Yes, you can exclude specific mailboxes from Rotate Mail Scanning. To configure this, open the Configurations tab in the Email Hub, go to Users, and choose the users to exclude.

Email Hub
What does Email Threats mean?

  • Phishing: A type of cyberattack where attackers impersonate legitimate organizations via email or websites to steal sensitive information like passwords or credit card numbers.
  • Financial Fraud: Illegally obtaining money or assets through deceptive means, such as credit card fraud, investment scams, or identity theft.
  • BEC (Business Email Compromise): A type of cybercrime where attackers impersonate company executives or employees to trick others into transferring money or sensitive information, often through email.
  • Malware: Malicious software designed to harm, exploit, or otherwise compromise the data or functionality of a computer, network, or device. Examples include viruses, trojans, and ransomware.
  • Spam: Unsolicited and often irrelevant or inappropriate messages, typically sent in bulk, usually through email. Often used for advertising or spreading malicious content.
