Home

Safe Links not rewriting

%3CLINGO-SUB%20id%3D%22lingo-sub-825956%22%20slang%3D%22en-US%22%3ESafe%20Links%20not%20rewriting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-825956%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20just%20received%20a%20pretty%20basic%20phishing%20email%20using%20a%20MS%20Form%20to%20harvest%26nbsp%3B%20username%20and%20passwords.%20we%20do%20have%20Office%20ATP%20enabled%2C%20but%20noticed%20that%20the%20link%20wasn't%20rewritten..and%20futher%20investigation%20showed%20in%20the%20past%20day%20no%20urls%20have%20been%20rewritten.%20Also%20when%20submitting%20the%20email%20for%20Automated%20Investigation%20the%20case%20failed%20with%20the%20error%20%22%3CSPAN%3EEmail%20Settings%20Error%22.%20We%20don't%20have%20any%20special%20config..just%20the%20defaults%20with%20a%20block%20of%20urls%20in%20the%20safe%20block%20list.%20Any%20thoughts%3F%2C%20yes%20loggin%20a%20case.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ERegards%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EJlouden%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-825956%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESafeLinks%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-826021%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20not%20rewriting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-826021%22%20slang%3D%22en-US%22%3E%3CP%3EDo%20you%20mean%20the%20link%20to%20the%20actual%20form%3F%20It%20should%20be%20rewritten%20regardless%20of%20any%20content%20in%20the%20actual%20form.%20Depending%20on%20the%20version%20of%20Outlook%2C%20you%20might%20be%20seeing%20the%20new%20%22native%22%20rendering%20of%20links%2C%20which%20shows%20the%20original%20URL%20in%20the%20tooltip%2C%20but%20if%20you%20check%20the%20status%20bar%20or%20click%20on%20the%20link%20it%20should%20take%20you%20to%20the%20rewritten%20one.%20If%20that's%20not%20the%20case%2C%20check%20for%20any%20exceptions%20you%20might%20have%20for%20rewriting%20URLs.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20mean%20content%20in%20the%20actual%20form%2C%20they%20just%20announced%20this%3A%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fadmin.microsoft.com%2FAdminPortal%2Fhome%3Fswitchtomodern%3Dtrue%23%2FMessageCenter%3Fid%3DMC188695%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fadmin.microsoft.com%2FAdminPortal%2Fhome%3Fswitchtomodern%3Dtrue%23%2FMessageCenter%3Fid%3DMC188695%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-828294%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20not%20rewriting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-828294%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20Vasil%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20did%20click%20on%20the%20link%20and%20found%20that%20it%20went%20directly%20to%20the%20site%20without%20rewriting%20the%20url.%20The%20form%20was%20external%20to%20our%20Org%20so%20don't%20think%20that%20setting%20will%20help%2C%20but%20enable%20it%20as%20soon%20as%20it%20comes%20in.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-828580%22%20slang%3D%22en-US%22%3ERe%3A%20Safe%20Links%20not%20rewriting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-828580%22%20slang%3D%22en-US%22%3E%3CP%3EI%20would%20suggest%20you%20open%20a%20support%20ticket%20and%20report%20this%20then%2C%20it%20should%20have%20been%20rewritten.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi All,

 

I've just received a pretty basic phishing email using a MS Form to harvest  username and passwords. we do have Office ATP enabled, but noticed that the link wasn't rewritten..and futher investigation showed in the past day no urls have been rewritten. Also when submitting the email for Automated Investigation the case failed with the error "Email Settings Error". We don't have any special config..just the defaults with a block of urls in the safe block list. Any thoughts?, yes loggin a case.

 

Regards

Jlouden

3 Replies
Highlighted

Do you mean the link to the actual form? It should be rewritten regardless of any content in the actual form. Depending on the version of Outlook, you might be seeing the new "native" rendering of links, which shows the original URL in the tooltip, but if you check the status bar or click on the link it should take you to the rewritten one. If that's not the case, check for any exceptions you might have for rewriting URLs.

 

If you mean content in the actual form, they just announced this: https://admin.microsoft.com/AdminPortal/home?switchtomodern=true#/MessageCenter?id=MC188695

Highlighted

Hi, Vasil,

 

I did click on the link and found that it went directly to the site without rewriting the url. The form was external to our Org so don't think that setting will help, but enable it as soon as it comes in.

Highlighted

I would suggest you open a support ticket and report this then, it should have been rewritten.

Related Conversations
Getting link to Posts Tab
darren365 in Microsoft Teams on
3 Replies
Links in Planner Task Notes are active!
Robin Nilsson in Planner on
0 Replies
Copying Links to Paragraphs in OneNote
kayla7 in Office 365 on
2 Replies
Form link won't open on iPhone
kjmaior in Microsoft Forms on
0 Replies
Linking to meaning of terms in a Form
AMJ_Devon in Microsoft Forms on
2 Replies