27 May 2024

The Oldest Click in the Book

URL-based Phishing Attacks: Detection, Prevention and Recovery with LinkShield 2.0


URL- or browser-based phishing attacks may be the oldest trick in the book, but they remain a popular and effective means for cybercriminals to lure victims into parting company with sensitive information, including credentials used in large-scale data breaches. And while vishing (voice-based) and smishing (SMS-based) attacks are also on the rise, email phishing remains the single biggest form of cybercrime. Not nervous yet? Consider reports that click-through rates on phishing campaigns are as high as 21% - a figure that should ring alarm bells for business owners and cybersecurity personnel.

As browser-based URL attacks evolve, it's essential that we empower our people, and bolster our defences, to mitigate risk and enhance cyber resilience. As much as cybercriminals are leveraging Artificial Intelligence (AI) and Machine Learning (ML) to advance their threats, forerunners in email security and cyber resilience are also incorporating these emerging technologies into solutions to thwart attacks with increasing agility and accuracy.

SYNAQ is no exception – we’re excited to announce the launch of LinkShield 2.0 – a major upgrade to our native threat detection feature for URL-based phishing, malware and ransomware attacks, featuring machine learning for robust, adaptive threat protection.

Let’s explore:

Understanding URL-Based Phishing:

In January 2024, ITPro reported a 109% increase in Salesforce browser-based phishing attacks. Cybercriminals were able to impersonate an authentic Salesforce domain by compromising a business using the tech giant's products. They were then able to launch the attack through legitimate Salesforce servers. Unsuspecting victims received emails with links that redirected them to a spoofed version of a Meta partner portal, and their user credentials were stolen. This level of sophistication meant that these URL-based attacks went undetected by most users and Email Security Gateways.

This is just one example in an alarming trend of the increased volume and sophistication of URL-based attacks by cybercriminals attempting to break through our defences. SecurityMagazine reported a 198% increase in browser-based phishing attacks in the second half of 2023, and according to Statistica, the number of phishing domains (fake websites impersonating legitimate ones) peaked in the first quarter of 2023 at over 1.6 million sites – a year-on-year increase of an alarming 265%!


[Infographic: Browser-based phishing attacks (H2 2023); YoY phishing domains]

URL-based phishing attacks rely on deception and social engineering to trick users into divulging sensitive information or installing malware and ransomware onto their devices. These malicious links often mimic trusted websites, making them difficult to identify at first glance.

Tips to Spot and Avoid URL-Based Phishing:

When it comes to email security, the weakest link is not the malicious URL, but the user. Indeed, phishing attacks rely on human error. Although most people follow email hygiene and safe usage policies most of the time, there’s always a small proportion who forget or ignore the rules.

When it comes to best practice, email security should take a layered approach, and awareness training is a key layer of your defences. Teach your people how to identify and avoid suspicious links:

  1. Hover Before You Click: Before clicking on any link in an email, hover your cursor over it to reveal the actual URL. If the link's destination seems suspicious or doesn't match the purported sender, refrain from clicking.
  2. Examine the Sender's Address: Pay close attention to the sender's email address. Phishers often use slight variations of legitimate addresses to masquerade as trusted entities.
  3. Scrutinise the Content: Be wary of urgent or alarming language in emails, as well as requests for sensitive information. Legitimate organisations typically don't ask for personal details via email.
  4. Verify Through Other Channels: If in doubt, verify the legitimacy of the email by contacting the purported sender through other means, such as phone or official website.
  5. Close the Feedback Loop: If you suspect that you have received a phishing email, report the suspicious email to your IT department or security team for investigation, and alert other users to remain vigilant against similar threats.
  6. Watch out for Typosquatting: Look out for typographical errors that are easy to overlook when reading quickly. URLs created with typosquatting look like a trusted domain at first glance, like goggle.com or yutube.com.
  7. Watch even closer for Script Spoofing: Even more insidious than typosquatting is script spoofing, where cybercriminals deceive victims with visually indistinguishable hyperlinks by using special or similar characters. This might be as simple as using the number “0” in place of an upper case “O”, or a number “1” in place of a lower case “l”, but often makes use of special characters like the Cyrillic character “α” as in info@amαzon.com. By using these characters, URLs can easily be confused with their legitimate counterparts.

By staying vigilant and employing these simple yet effective strategies, users can significantly reduce their susceptibility to URL-based phishing attacks.
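Tips 6 and 7 can also be checked mechanically. The following is an added example, not SYNAQ's code and not a description of how LinkShield or LUCA works: it labels a link's hostname against a list of trusted domains. The function names, the `TRUSTED` list and the small look-alike table are assumptions constructed for illustration.

```python
import unicodedata

# Constructed sample allow-list; a real deployment would use its own.
TRUSTED = {"google.com", "youtube.com", "amazon.com"}
# Constructed subset of look-alike characters; a production check would use
# the full Unicode confusables data (UTS #39) instead of this small table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u03b1": "a", "\u03bf": "o",                                # Greek
    "0": "o", "1": "l",                                          # digits
}

def skeleton(domain):
    """Fold look-alike characters to the Latin letter they imitate."""
    text = unicodedata.normalize("NFKC", domain.lower())
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def scripts(domain):
    """Return the set of scripts used by the letters in the domain."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in domain if ch.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted=TRUSTED):
    """Label a link's hostname relative to a list of trusted domains."""
    domain = domain.lower().rstrip(".")
    if "xn--" in domain and domain.isascii():
        domain = domain.encode("ascii").decode("idna")  # punycode -> Unicode
    if domain in trusted:
        return "trusted"
    if any(skeleton(domain) == skeleton(good) for good in trusted):
        return "script-spoof"   # looks identical, different characters
    if len(scripts(domain)) > 1:
        return "mixed-script"   # e.g. Latin and Cyrillic in one name
    if any(edit_distance(skeleton(domain), skeleton(g)) == 1 for g in trusted):
        return "typosquat"      # one typo away from a trusted name
    return "unknown"
```

An "unknown" result only means the name does not resemble anything on the trusted list; it says nothing about whether the destination is safe.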

Your First Line of Defence: Email Security - URL-Based Phishing, Ransomware and Malware Detection and Protection

Even the most vigilant employee is susceptible to error. Effective Email Security, including URL-based phishing, ransomware and malware detection and prevention, should form part of the first line of defence in your layered approach to email security.

URL Domain Detection tools inspect URLs, domains, pages and content to identify and quarantine or block suspicious domains. They examine the length and structure of URLs, the authority of domains, even website copy and traffic. But in the ever-evolving landscape of cybersecurity threats, businesses need increasingly agile and robust solutions to safeguard email communications.

By incorporating Machine Learning into URL-based domain detection tools, we can deliver adaptive, agile detection and prevention that learns and responds to evolving threats.

Introducing LinkShield 2.0

SYNAQ, as a leading provider of email security software, understands these challenges and we continually innovate to stay ahead of malicious actors.

While LinkShield, our native threat detection feature for URL-based phishing, malware and ransomware attacks, has long been an effective part of our solution stack, we’re excited to announce the launch of feature enhancements to the tool as part of our Securemail Premium offering. These enhancements underscore our commitment to cyber resilience and evolving services to respond to new cyber threats.

Enhancements to LinkShield:

The enhancements to LinkShield include proprietary Machine Learning algorithms to detect and prevent attacks with greater accuracy, as well as enhancements to the platform interface for intuitive feature functionality – making it easier for you to configure and manage your email environment in the best way for your business:

  1. Introducing LUCA: LinkShield now incorporates a beta version of LUCA (LinkShield URL Classification AI), SYNAQ's homegrown machine learning technology. LUCA enhances the use of custom-built artificial intelligence to identify zero-day or discretely targeted phishing URLs, reducing false positives and ensuring more accurate and performant security. While clients will start to benefit from LUCA immediately, LUCA is still learning, and as such, this feature will be rolled out over time to fine-tune its performance for the real world.
  2. Custom Policy Settings: Enhancements also make it easy to configure and manage policies to define how the feature should perform for your unique business context. Set up custom whitelists, choose how the system handles various classifications, determine what users see in their inbox, and enforce tailored policies, for a more streamlined user experience and a truly tailored security approach.
  3. Enhanced User Experience: Various tables and toggles in LinkShield have been updated for a more intuitive user experience, making it easier to enforce the right behaviour at a systems level, and further minimising security risks from phishing, malware and ransomware attacks.

These enhancements ensure that our clients continue to benefit from cutting-edge best practices in email security, so you can focus on your core businesses, secure in the knowledge that your mailboxes are secure – today and in the future.


In conclusion, URL-based phishing, ransomware and malware remain a prevalent threat in today's digital landscape, and can result in catastrophic data breaches. But with cutting-edge tools like LinkShield 2.0, powered by LUCA, businesses can mitigate the risks and focus on sustainable and scalable growth. LinkShield 2.0 is just one of a number of innovative upgrades planned for 2024. Stay tuned for future feature and upgrade announcements, as we continue to lead the charge in cyber resilience and email security solutions for businesses of all sizes!