Defending Against Phishing Attacks

Adrien Gendre

October 14, 2016

2 min


There may be no feeling less comfortable in modern life than the moment you panic about clicking on a link that appears to activate something very bad on your device.

The five stages of grief follow in a few brief seconds:

  • Anger (How could I be so stupid?)
  • Denial (Maybe it’s nothing…)
  • Bargaining (I promise I will never click another link as long as I live)
  • Depression (This is going to kill my whole day) and finally
  • Acceptance (Well, I guess I really will be calling IT for a loaner after all.)


The Risk of Phishing URLs

You shouldn’t feel bad. It happens to a lot of people. I mean a lot of people. According to research done in Europe, more than half of us are likely to click on a link in an email from a stranger. Other data suggests that about half of all phishing emails are opened, with recipients also clicking on the links 10% of the time.

Unfortunately, most of the best-known email security systems can be easily fooled by URLs in phishing emails. These email security systems will explore any URL to be sure it’s not hosting a phishing site or a virus. However, they typically only check it out at the moment the email hits the server, before the recipient has even seen the message.

So far, so good. The problem is that sophisticated hackers know how the filters work and get around them by sending time-bombed URLs:

  • The email gets sent with a benign URL.
  • Then, after the message gets past the initial filter and is sent on to the end-user, the domain of the URL shifts to a malicious website.

Click on it, and you’re owned. seemed harmless when your email security system scanned it. Now, a few hours later, it has been redirected to

The phishing link could look like a normal site but is actually a fake (but highly realistic) website designed to steal log-in credentials for networking access, CRM and accounting systems, file sharing systems, and more. You might even end up with a root kit on your device. And you won’t know you’ve been fooled by just looking at the fake site. Hackers have the ability to mimic sites so well that even the savviest users can get fooled.

Solving the Phishing URL Challenge at “Time of Click”

Vade Secure’s webpage exploration engine defeats time-bombed URLs by examining the URL at the exact time-of-click. It can catch dynamic links and “sleeper” malware and phishing pages. Once a user clicks on a link in a message, the webpage is opened in a secure environment (proxy) to further verify its safety. This way, if the link is redirecting to malware, Vade Secure will block it before it has a chance to infect a user’s device.

The “time of click” URL detection is part of Vade Secure’s overall layered approach to anti-phishing defense. Vade Secure enhances the anti-phishing defense by developing an overall sense of the user. Proprietary processes match the style and technical indicators of the claimed sender of any given email with known information about the actual sender. To achieve this goal, Vade Secure looks at multiple elements of every email. Behavioral analysis examines everything from filenames, header fingerprints to the code and commands embedded in attachments. This in-depth proprietary defense system is bolstered by two external antivirus solutions to weed out virtually all malware.

The Vade Secure solution will also notify system administrators if users are clicking on suspicious links. The solution keeps track of original URLs, even if they are later changed. This is helpful for long term security as malware links are sometimes clicked in old emails.

Vade Secure protects corporate data assets from both phishing and spear phishing attacks. Give us a call at 415-745-3630, if you want to discuss how you can quickly add anti-phishing measures to your current email setup.