Outlook - How to Read Rewritten Links

How to read rewritten links

Please do not use this method to bypass a rewritten link. Visiting the original URL instead of the rewritten URL increases your risk of being the victim of a cyberattack.

Links in external emails are rewritten by Proofpoint Targeted Attack Protection (TAP). When you hover over a link in an email, if the URL begins with ‘https://urldefense.com’ then it has been rewritten by TAP.

For links rewritten by TAP

Hover over the link to see the rewritten URL. The original URL is encased in a double underscore within the rewritten URL. The original URL begins after the first double underscore and ends before the second.

See the example below with the original URL in red and the rewritten section in yellow.

Text

Description automatically generated

Rewritten URL: https://urldefense.com/v3/__https://click.e.tiaa.org/?qs=1983bee6439e7343926a1b2a9710f5a553fd2ed27617d445af67e689b9d22f3f174d26bc0582a201094b976d046ab5dddbbcb0ce42b07735__;!!JsVmmI8-!YcINkTtbXH7aqbFEgm2BL0V83VkM9x8h2FJ9hhl-Nhh0WCvEyZN6sOs4ifnQ5LY$

Original URL: https://click.e.tiaa.org/?qs=1983bee6439e7343926a1b2a9710f5a553fd2ed27617d445af67e689b9d22f3f174d26bc0582a201094b976d046ab5dddbbcb0ce42b0773

For assistance decoding a rewritten URL, please contact the Help Desk.