ITS

Information Technology Services
Information Technology Services

Security Features FAQs

Why does my name appear in the URL sent to me in an email?

ATP Link Scanning is keyed to an individual recipients mailbox. When you receive and email with a rewritten link, the URL is unique to you. If an email is later determined to be malicious, ITS can search the ATP database for all users who clicked an unsafe link and notify them to change their password or run a scan for malware on their computer.

Why did I receive a message that did not contain rewritten URLs?

There are a number of reasons why a message may not have been rewritten by Link Scanning. The primary reason is the message was sent from within Office 365. Messages sent in Office 365 do not have their links rewritten. Other reasons may include that the email was encrypted or digitally signed which prevents Link Scanning, or the message contains URLs that have been exempt from Link Scanning.

I received the red warning screen when I clicked a link - what do I do?

  1. Take a look at the site noted on the warning page, does it appear to be where you were expecting to go? Can you contact the sender to verify?
  2. If you do not want to visit this site, select "Close This Page", you may want to contact the user who sent you the email to make them aware they are sending unsafe links.
  3. If you do need to go to the site, select "Continue to this website", be vigilant on the site for signs of downloads or phishing. 

I received a phishing email where the link still works

Forward the email to abuse@queensu.ca. Add the word "Phish" to the subject line. ITS will add the URL to the unsafe link list to block users from accessing it and report it to Microsoft.

How can I tell if a link is safe anymore?

Link Scanning causes some issues because you can no longer hover over the link to easily determine where you are going after the click. You should ask yourself if you were expecting mail from the user who sent the message, and inspect the message in other ways to try to determine its intent. When inspecting the rewritten URL, the text between "url=" and "&data=" contains the destination address, you can copy the link and use a URL ASCII decoder(http://ascii.cl/url-decoding.htm) to determine the original URL, or inspect the text on the fly: %3A is a colon, %2F is a forward slash, %3F is a question mark etc. for a complete list, see ASCII encoding reference https://www.w3schools.com/tags/ref_urlencode.asp.

My Applications email notices are rewritten by Link Scanning, what can I do?

Link Scanning applies to externally hosted applications that email Queen's members. If the emails are unreadable, delivered in plain text or there are other concerns with usability, ATP provides a white listing capability. This is separate from other white lists that may already be in place for certain email addresses and applications. Application owners should contact ITS through iTrack to request an ATP URL white list.

Last Updated: July 14, 2017