Why links are the weak spot

Most phishing attacks don’t carry an obvious payload anymore. Instead, they rely on links that look safe at first glance — shortened URLs, redirects, or fake login pages designed to harvest credentials. A link might pass traditional security checks at delivery, but hours later resolve to a malicious destination. Standard filters can’t catch that shift in time.

What is LinkScan?

LinkScan is TrustLayer’s real-time URL protection technology. It doesn’t just scan links when an email arrives — it rewrites every embedded URL and checks it both at delivery and at the moment of click. That means if a link turns malicious after it lands in the inbox, users are still protected.

How LinkScan works

TrustLayer LinkScan combines time-of-delivery scanning with point-of-click checks, providing layered defence against evolving phishing campaigns:
  • Time-of-delivery scanning: All links are inspected against multiple reputation engines, third-party services and policy checks when the message is first received.
  • Time-of-click protection: Links are rescanned at the exact moment a user clicks, following redirects and unmasking shortened URLs, including QR codes.
  • Smart user experience: Depending on policy, users can be blocked, redirected, or shown a clear warning page explaining why a link is unsafe.
  • Policy flexibility: Admins can customise whether links are auto-blocked, presented with a warning, or permitted with logging for later investigation.

Why LinkScan matters now

Attackers aren’t just relying on malicious files. They’re impersonating workflows, abusing cloud app integrations, and exploiting timing. A CFO travelling. An HR manager mid-onboarding. A supplier chasing an invoice. One well-placed link can drain accounts or compromise an entire system.

Legacy filters weren’t built for this. They check attachments and domain reputation but don’t consider intent, timing or behaviour. LinkScan closes that gap by making every click a checkpoint — not just the email’s arrival.

Benefits for IT and security teams

  • Reduced risk of credential theft: fake login pages and malicious redirects are blocked before credentials can be entered.
  • Protection against adaptive phishing: whether the payload activates minutes or days later, LinkScan rescans at the point of user interaction.
  • Simplified incident response: policies, actions and user clicks are logged for audit, making investigations fast and accurate.
  • Stronger compliance posture: organisations can demonstrate proactive phishing defences across inbound, outbound and internal email.
  • Seamless deployment: LinkScan is part of TrustLayer’s Email Security, available via MX record change or Microsoft 365 connector mode.

LinkScan and Microsoft 365

For organisations relying on Microsoft 365, native security leaves dangerous gaps. Attackers know how to mimic Microsoft-branded emails, exploit Transport Rules, and use app consent phishing. LinkScan adds a protective layer that Microsoft can’t, inspecting links dynamically and flagging unsafe destinations before a user’s credentials are compromised.

Real-world use cases

  • CEO fraud: A spoofed email urges finance to process a payment. The link points to a convincing supplier portal. LinkScan intercepts and blocks before credentials are entered.

  • QR phishing (“quishing”): An email asks employees to “update MFA” by scanning a QR code. LinkScan validates the embedded destination, warning users before they ever scan.

  • Redirect exploits: A link initially resolves to a safe site but later changes to host malware. LinkScan rescans at click-time, preventing the compromise.

Why LinkScan is different

Plenty of vendors promise URL protection, but most only check once. Others redirect all traffic through their own infrastructure, slowing down performance. LinkScan balances protection with user experience — scanning links when it matters, without unnecessary rerouting.

And because it’s part of the TrustLayer platform, LinkScan isn’t an isolated feature. It integrates with email policy controls, behavioural analysis, and posture management to provide layered, context-aware protection.

Final word: stop phishing at the moment it matters

Phishing links aren’t just an inbox problem — they’re a business problem. A single click at the wrong time can cost six figures. With LinkScan, every click is checke and every redirect exposed even if on a time delay. It’s phishing defence built for how attacks actually work today.

Find out how to set up LinkScan here