SafeLinks not re-writing/analyzing specific URLs

%3CLINGO-SUB%20id%3D%22lingo-sub-2415724%22%20slang%3D%22en-US%22%3ESafeLinks%20not%20re-writing%2Fanalyzing%20specific%20URLs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2415724%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team%2C%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ERecently%20we%20have%20seen%20an%20uptick%20in%20a%20phishing%20campaign%20which%20targets%20user's%20by%20using%20old%20email%20conversations%20as%20thread%20and%20includes%20a%20link%20to%20download%20malicious%20file.%26nbsp%3BThe%20link%20which%20is%20present%20in%20the%20email%20body%20is%20not%20having%20any%20prefix%20(https%2Fhttp%2Fwww)%20due%20to%20which%20it%20is%20not%20recognized%20as%20a%20URL%20by%20MS%20and%20not%20being%20re-written%20(attaching%20screenshot%20for%20reference).%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20rule%2Fcondition%2Fsetting%20that%20can%20be%20used%20to%20detect%20%26amp%3B%20block%20such%20URLs%2Femails%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2415724%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Hi Team,


Recently we have seen an uptick in a phishing campaign which targets user's by using old email conversations as thread and includes a link to download malicious file. The link which is present in the email body is not having any prefix (https/http/www) due to which it is not recognized as a URL by MS and not being re-written (attaching screenshot for reference). 

 

Is there any rule/condition/setting that can be used to detect & block such URLs/emails?

0 Replies