Skip to Content

Are Your Email Protection Services Putting You in Danger?

How Are Hackers Using Security Tools Against You?

Bad people online just found a sneaky new way to trick you. They are taking the very tools meant to protect your email. Then they flip them around to hurt you instead.

Email companies like Proofpoint and Intermedia wrap your links. This means they put a special coating around web addresses in your emails. The coating is supposed to check if a link is safe before you click it.

But here’s the problem. These crooks figured out how to beat the system. They grab control of email accounts that already have this protection. Then they use those accounts to make their bad links look good.

What the Attackers Do

The bad guys follow a simple plan:

  1. They break into email accounts that use link protection
  2. They send out emails with harmful links using those accounts
  3. The protection service wraps the bad links automatically
  4. Now the bad links look safe because they come from trusted companies

These crooks are not stopping there. They make things even harder to spot. First they use services like Bitly to shorten their bad links. Then they send those shortened links through protected accounts. This creates a chain that hides the danger even more.

The redirect chain works like this:

  • URL shortener (like Bitly)
  • Link wrapper (from Proofpoint or Intermedia)
  • Final bad website that steals your information

How They Trick You

The emails look very real. They pretend to be:

  • Voicemail messages asking you to “Listen to Voicemail”
  • Microsoft Teams documents telling you to “Access Teams Document”
  • Secure file notifications from services like Zix
  • Teams messages with “Reply in Teams” buttons

All of these fake emails have one goal. They want to send you to fake Microsoft 365 login pages. Once there, they steal your username and password when you type them in.

Why This Attack Works So Well

People trust big security companies. When you see a link that starts with “urldefense.proofpoint.com” or “url.emailprotection.link,” you think it’s safe. That trust makes you more likely to click.

Security systems also get fooled. They see the trusted domain names and let the emails through. The bad links don’t get caught because they hide behind these good company names.

The Real Damage

This type of attack can cause serious problems:

  • Money loss: People lost $502 million in 2024 from email scams alone
  • Identity theft: Over 1.1 million people reported having their identity stolen in 2024
  • Time wasted: Victims spend an average of 676 days (almost 2 years) fixing identity theft problems
  • Business breaks: Research shows 67% of all company break-ins start with someone clicking a bad link

How to Stay Safe

Check URLs carefully: Even if a link looks official, look at where it really goes. Hover over links to see the full address before clicking.

Watch for redirect chains: Be suspicious if a link takes you through multiple pages before reaching the final destination.

Verify requests directly: If you get an email about a voicemail or document, check with the sender using a different way to contact them.

Look for Microsoft warning signs: Real Microsoft login pages have specific web addresses. Fake ones often use different domain names.

Keep learning: Bad people keep changing their tricks. Stay updated on new scam methods through your company’s security training.

This attack shows us something important. Even the best security tools can be turned against us. The key is staying alert and not trusting everything we see, even when it looks official.

Companies like Cloudflare have found these attacks and shared information to help others spot them. But the bad guys keep trying new things. That’s why we all need to stay careful and keep learning about new dangers online.

Remember: when something asks for your password or personal information, take a moment to think. Is this request real? Did I expect this email? Taking that extra second to check could save you from months of trouble later.