The University welcomes enhanced protection in Office 365 against malicious links and attachments. Image Safe Links is part of Microsoft's security feature that helps better protect users from malicious links. These may be sent in an email or Microsoft Teams message to any University of Edinburgh staff or student accounts. Safe Links checks all URLs and attachments, to determine if they are malicious or safe before allowing the web page or file to load. If Safe Links detects an anomaly after scanning the URL or attachment, the item will be marked as insecure and display a warning message the user. According to Verizon's 2022 Data Breach Investigation Report, “Web Application and Email” were the top two target areas of IT security breaches over the past twelve months. The enhanced security offered by the Safe Links feature will block phishing scams and prevent the infiltration of malicious software into UoE accounts. How Safe Links works in email messages All emails go through the cloud-based filtering service Exchange Online Protection (EOP), which checks for spam and malware before the message is delivered to an inbox. The user will then open the message in their mailbox and click on any URL included in the text. If this URL is deemed to be unsafe, a malicious warning page will appear. If the URL points to a downloadable file and the correct setting is turned on, the downloadable file is checked. If the URL is determined to be safe, the website will open. If a user is certain that a URL or attachment is safe but has been blocked by Safe Links, contact the IS Helpline with a request to submit the link to Microsoft for analysis and eventual unblock of the URL. Safe Links settings for Microsoft Teams Any URLs sent in Teams are checked against a list of known malicious links at the time of being clicked on. If a link is found to be malicious, users will have the following experiences: If the link was clicked in a Teams conversation, group chat, or from channel, the following warning page will appear in the default web browser. If the link was clicked from a pinned tab, the warning page will appear in Teams within that tab. The option to open the link in a web browser is disabled for security reasons. Depending on the individual account settings, the user might be allowed to click through to the original URL (the option to click ‘Continue anyway (not recommended) will appear in the warning page). We recommend that you don't select the setting titled “Let users click through to the original URL,” to ensure that users can't click through to the original URL. Clicking the Go Back button on the warning page will return the user to their original context or URL location. However, clicking on the original link again will cause Safe Links to rescan the URL, so the warning page will reappear. How Safe Links works in Office apps A user signs in using their work or school account in an organization that includes Microsoft 365 Apps or Microsoft 365 Business Premium. The user opens and clicks on a link an Office document in a supported Office app. Safe Links immediately checks the URL before opening the target website. If the URL is included in the list that skips Safe Links scanning, a blocked URL warning page will open. If the URL points to an unsafe website, a malicious website warning page (or a different warning page) opens. If the URL points to a downloadable file it is checked. If the URL is considered safe, the user is taken to the website. If Safe Links scanning is unable to complete, Safe Links protection does not trigger. For Office desktop clients, the user will be warned before they proceed to the destination website. If you receive a suspicious email which encourages you to click a link or open an attachment, report it through the following process: On the email itself, next to the ‘Forward’ button, you have the option to “forward as an attachment” click this. Send this to is.helpline@ed.ac.uk You will receive an automated email back with guidance on what to do if you have clicked a link or opened an attachment from the suspicious email. Doing this helps to collate any phishing items with other reports of the same attack. (Do not send a screenshot or forwarded copy of the email, as it does not provide this data) You can also visit the FAQ page to find answers to the most frequently asked questions about information security at the University of Edinburgh. Publication date 08 Feb, 2023