Protection from 'Blended Threat email attacks'

Blended Threat email messages are usually designed to appear to come from a trusted sender, and can be targeted at a specific individual. They contain links to a website that hosts malicious code or attempts to entice the user into providing personal information such as payment details.

NHS Wales have introduced a solution from “Trustwave”, which checks hyperlinks before they are opened.

The checking includes a number of validation methods, such as real-time behavioural analysis, content inspection, and information from a number of industry-standard sources, to identify and block sites that serve suspicious or malicious code. Because validation is performed in real time by a cloud service when a link is clicked, it provides superior effectiveness in catching and neutralizing new exploits for all users on any device from any location.

When a user opens a message, the message will not be visibly altered, but hovering over a link shows a ‘rewritten URL’ containing http://scanmail.trustwave.com/

When the user clicks a link, the URL is passed to the Trustwave Link Validator for evaluation. An information page displays briefly (usually for 1-2 seconds).

When a result is available it is reported.
If the result is “safe”, the user is automatically redirected to the original URL.

If the result is “unsafe”, a block page displays.
In some cases a link with more specific information about the block source is included.

Informatics have been piloting this solution for a number of months and will now gradually roll it out to all Public Health Wales staff between now and 6 July 2020.

Please direct any queries to phw.servicedesk@wales.nhs.uk