Proofpoint - Targeted Attack Protection (TAP) for external email

Proofpoint (TAP) is a new service which filters for phishing email messages to help protect users from malicious URLs.

Introduction

To protect Clemson account holders and the university’s network, CCIT will soon employ an email security product called Targeted Attack Protection (TAP) from the security company Proofpoint to scan all external email.

Cybercriminals commonly send malicious  hyperlinks via email in order to infect computers with malware or direct users to websites designed to trick them into revealing their account credentials. This system protects users by blocking links to known malicious websites.

TAP works behind-the-scenes, which means you do not need to do anything to activate or take advantage of the system.

How does Proofpoint TAP work?

Proofpoint URL Defense will route all incoming external email traffic through special servers that will rewrite all URLs to initially go to Proofpoint.  The link will be scanned and if it is safe, the new Proofpoint URL will redirect to the requested webpage.  If the link is not safe, a notification will be displayed that the website has been blocked.

Proofpoint URLs will begin with https://urldefense.proofpoint.com.

What email is scanned?

Clemson's Proofpoint system only scans email that is sent to your '@clemson.edu' email address from an external non-Clemson email address.  Messages sent between Clemson accounts or directly to your Google Apps for Education account will not be scanned, therefore the hyperlinks in these emails will still pose the risk of phishing. 

What do rewritten hyperlinks look like?

The easiest way to see that Proofpoint is working is to hover over a URL in an email you have received. The URL displayed will begin with “urldefense.proofpoint.com” before the rest of the URL name and a string of numbers and letters.

Example: 

What message will I receive when a website is blocked?

 Proofpoint Blocked Message

What should you do if you receive the blocked message?

If the email came from someone you know, please advise them of the problem. The site will continue to be blocked until the security issues are resolved.

Will I see any difference when I click on a URL?

When you click on a URL you will see a brief display of the URL before being redirected to your destination.

Will plain-text emails look different?

Emails sent and received in plain text do not include HTML markup, such as embedded URLs. When TAP detects a hyperlink in a plain-text email, it will rewrite the URL in plain text. In this case, you will see the rewritten URL directly in the body of the email.

Will my email attachments be changed?

At the current time, Proofpoint will not scan or change email attachments.  

Posted - Tue, Aug 16, 2016 at 9:26 AM.
Online URL: https://hdkb.clemson.edu/phpkb/article.php?id=420