Microsoft Office 365 offers several services to protect users from malicious links and downloads. Office 365 Advanced Threat Protection Safe Links scans links for faculty and staff incoming email to protect employees from clicking on malicious, phishing, or spam links no matter where the user is connecting from and no matter what client is being used.
When Safe Links is enabled, employees may notice that the links in your email do not look as expected. This is because Outlook redirects the links through their Safe Links service to block access to a dangerous link. Because of this, you may need to change the way that you evaluate suspicious emails.
If you are using Outlook Web Access (OWA) in your browser, Office 365 will show you the “Original URL” or “Protected by Outlook” link when you hover over it. You will still be able to evaluate the URL to determine if it looks suspicious or unexpected. When you click the link, you will still be sent through the Safe Links server and prevented from accessing sites that are determined to be malicious.
For other clients, the client will not present the "original" or "protected" links as seen in the previous example. If you hover over a Safe Links protected URL you will see safelinks.protection.outlook.com (or other similar iteration) follwed by the original address within the email. This is normal and expected. In th example below, you will see the reference to Safe Links followed by the url=https://www.lsue.edu, which was the original address.
Do you know the sender?
Are you expecting a message from this user?
Does the context of this message make sense?
Has the email come from an email address you trust?
Is the message using pressure or threats to coerce you to click the link?
Is the sender threatening to “disable your email”?
Is the sender trying to coerce you to “validate your account” within a short period of time by threatening to disable your account or purge your information?
Your browser will stop at the safelinks.protection.outlook.com domain and show you the following warning. No further action is necessary.
NOTE: If you feel a site has been blocked in error please forward the original email and link to firstname.lastname@example.org.
You can still send suspicious emails to email@example.com.
If you think the email looks legitimate and click the link, Microsoft scans the contents of the site to determine if the link is legitimate. Microsoft uses intelligence gathered from emails and links across all Outlook users to help increase the likelihood malicious links will be stopped. In most cases, bad links will be caught automatically.
If you do not encounter the malicious link message, still evaluate the destination website for legitimacy.
If you think a destination site is malicious, you can report the message to firstname.lastname@example.org for further evaluation. Additionally, you can wait and check the link again through the Safe URL redirect later. As Microsoft sees more instances of a link associated with a malicious domain, the Safe Links URL may block access to the destination URL after a few minutes pass.