830 - Avanan Email Security - End User Guide: Click-Time Protection (Rewritten Links)

Document Owner: Damian Stalls
Backup Owner: Josh Miller
Last Verified: 2026-05-19

OVERVIEW

Avanan Email Security may rewrite links in emails and attachments so the destination can be checked when you click it. This helps block phishing links that look safe at delivery but become malicious later.

Depending on your email app, you may see a protected Avanan link, a tooltip with the original destination, or the original link text with protection applied behind the scenes.

PURPOSE

  • Explain why links may look different (rewritten)
  • Explain what happens when you click a safe link vs a malicious link
  • Explain when to stop and contact support

WHO THIS IS FOR

  • End users who see links rewritten to an Avanan protected link
  • End users who click a link and receive a warning page
  • End users who receive emails with direct download links

WHAT TO DO

Step 1: Recognize a rewritten (protected) link

A protected link often looks like it points to an Avanan domain instead of the original website. When you click it, Avanan checks the destination in real time and then either allows or blocks the click.

Example format:
https://url.avanan.click/v2/___https://original-link.com/path___

Step 2: If the link opens normally

  • This usually means the destination passed click-time checks.
  • If the email is unexpected (payment changes, credential resets, urgent requests), still verify the request before taking action.

Step 3: If you get a warning page

If Avanan determines the destination is malicious or risky, you may be redirected to a warning page instead of the website.

Avanan warning page for malicious link

  • Do not proceed unless you are absolutely sure the request is legitimate.
  • Verify the request using a trusted method (call a known number or use an existing trusted thread).

Step 4: Direct download links (files)

Some links download a file immediately. Avanan may analyze the file destination before allowing the download.

If the file is detected as malicious

Blocked malicious direct download link

If the file is detected as clean

Allowed clean direct download link

Step 5: Google Drive preview links (Google Workspace users)

In Gmail, links to Google Drive files can appear as an in-email preview. When Avanan rewrites the link for protection, the preview may not display.

Google Drive preview behavior with rewritten links

WHEN TO CONTACT SUPPORT

  • A legitimate business link is repeatedly blocked
  • You clicked a link and received a warning page and need help verifying the request
  • You believe you clicked a malicious link and entered credentials or sensitive information

When contacting support, include:

  • Sender email address
  • Email subject line
  • The link you attempted to click (copy/paste if possible)
  • A screenshot of the warning page (if shown)

IMPORTANT GUIDELINES

  • Rewritten links are a security feature. Do not assume a rewritten link is unsafe.
  • If an email is unexpected and asks for credentials, payments, gift cards, or banking changes, verify before clicking.
  • If you think you entered credentials into a suspicious site, change your password immediately and contact support.

ALSO PUBLISHED AT

Support Portal (Knowledge Base): https://support.complete.net → Knowledge Base → Avanan Email Security
Public KB: https://help.complete.net/m/AvananEmailSecurity/