Proofpoint Targeted Attack Protection (TAP)
Proofpoint’s Targeted Attack Protection (TAP) helps protect against and provide additional visibility into phishing and other malicious email attacks.
How Does TAP Work?
TAP scans external emails for malicious attachments and rewrites URLs in the email body and certain attachments.
When you hover over a link in an email, if the URL begins with ‘https://urldefense.com’ then it has been rewritten by TAP
When you click a URL in an email message, the URL is redirected to Proofpoint’s cloud service. If the URL is not known to be malicious, you will be automatically redirected to the original URL. If the URL is malicious, you will see a warning message, and the site is blocked in your browser.
Decoding Rewritten URLs
Please do not use this method to bypass a rewritten link. Visiting the original URL instead of the rewritten URL increases your risk of being the victim of a cyberattack.
The original URL is encased in a double underscore within the rewritten URL. The original URL begins after the first double underscore and ends before the second.
See the example below with the original URL in red and the rewritten section in yellow.
Rewritten URL: https://urldefense.com/v3/__https://click.e.tiaa.org/?qs=1983bee6439e7343926a1b2a9710f5a553fd2ed27617d445af67e689b9d22f3f174d26bc0582a201094b976d046ab5dddbbcb0ce42b07735__;!!JsVmmI8-!YcINkTtbXH7aqbFEgm2BL0V83VkM9x8h2FJ9hhl-Nhh0WCvEyZN6sOs4ifnQ5LY$
Original URL: https://click.e.tiaa.org/?qs=1983bee6439e7343926a1b2a9710f5a553fd2ed27617d445af67e689b9d22f3f174d26bc0582a201094b976d046ab5dddbbcb0ce42b0773
FAQ
What should you do if you receive the blocked message?
If the email came from a trusted sender, please contact the Help Desk for assistance. Otherwise, assume the site is malicious and delete the email containing the blocked link.
Will I see any difference when I click on a URL?
When you click on a URL you will see a brief display of the rewritten URL before being redirected to your destination.
What email traffic is affected?
All emails from external senders will be rewritten by TAP.
How does this effect internal emails?
Internal emails sent between two UWS accounts will not be rewritten by TAP. However, when an external recipient replies to an email the reply and the subsequent email conversation will be rewritten by TAP.
How does this effect forwarded emails?
Once a URL has been rewritten, if the message is forwarded or replied to, the URL will remain rewritten. Additional links added to the message being replied to or forwarded will only be rewritten when sent internally.
Will plain-text emails look different?
If an email is in plain-text, the URL may be rewritten directly in the email body.
Will my email attachments be changed?
Tap will only rewrite URLs in email attachments that are plain-text or HTML based, such as attached emails. Other document types such as Word docs and PDFs will remain unchanged.
In addition to URL rewriting, TAP will also scan all attachments from external senders for malicious content.
If you believe a URL has been blocked unnecessarily, believe a fraudulent site has not been blocked, or need help decoding a URL, please contact the Help Desk for assistance.