---
title: "Protecting Against Phishing is Even Harder With Invisible Links | Phish Protection"
description: "Protecting Against Phishing is Even Harder With Invisible Links: Employees who have been trained to look out for phishing emails know not to click on links."
image: "https://phishprotection.com/og/blog/protecting-against-phishing-is-even-harder-with-invisible-links.png"
canonical: "https://phishprotection.com/blog/protecting-against-phishing-is-even-harder-with-invisible-links/"
---

Quick Answer

Employees who have been trained to look out for phishing emails know not to click on links in suspicious emails. But\_ what if the email tricks them into clicking on a link they didn’t intend to click on because it's invisible?\_

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fprotecting-against-phishing-is-even-harder-with-invisible-links%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Protecting%20Against%20Phishing%20is%20Even%20Harder%20With%20Invisible%20Links&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fprotecting-against-phishing-is-even-harder-with-invisible-links%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fprotecting-against-phishing-is-even-harder-with-invisible-links%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fprotecting-against-phishing-is-even-harder-with-invisible-links%2F&title=Protecting%20Against%20Phishing%20is%20Even%20Harder%20With%20Invisible%20Links "Share on Reddit") [ ](mailto:?subject=Protecting%20Against%20Phishing%20is%20Even%20Harder%20With%20Invisible%20Links&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fprotecting-against-phishing-is-even-harder-with-invisible-links%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/01/spear-phishing-protection-3456.jpg) 

Employees who have been trained to look out for phishing emails know not to click on links in suspicious emails. But\_ what if the email tricks them into clicking on a link they didn’t intend to click on because it’s invisible?\_

According to a presentation by the security education firm [KnowBe4](https://www.knowbe4.com/), one of the newest forms of email compromise is a type of **clickjacking** which incorporates an\*\* invisible link\*\* (using the opacity setting in CSS). The link is instead replaced by a “bothersome” graphic element that’s made to look like a small hair or a speck of dust just like this:

This tricks the user into wiping the hair or dust off the screen, ostensibly on a mobile phone, which activates the link and launches a connection back to a rogue website. Or worse, releases some form of malware.

These “rouge wiping elements” are a form of [social engineering](https://www.social-engineer.com/) which is almost impossible to prevent with education alone. Afterall, it’s human nature to want a touchscreen free of debris. The only way to protect users from these sophisticated phishing techniques is to use technology. _Technology that doesn’t get fooled so easily._

To protect against this **clever form of phishing** actually requires two technologies.

### The first is real-time link scanning.

Unlike humans, link scanners aren’t fooled by see-through links and graphical elements.

> 

Link Scanner, All they see is the underlying HTML, and there’s no way to hide that from link scanning.

When a user attempts to wipe away the hair thereby clicking on the malicious link, the link scanner intervenes to check both the link itself and the web page being linked to.

![Spear phishing protection](https://media.mailhop.org/phishprotection/images/2019/01/spear-phishing-protection-3456.jpg) 

### That leads to the second technology required: cloud-based.

A [cloud-based email protection solution](/) is required for two reasons. First, it must be cloud-based to be able to sit between the email client (on the user’s phone) and the malicious website. That gives it a chance to check the website before directing the client there.

The other advantage of **cloud-based email protection** is that it works seamlessly for all devices, including mobile phones. Since this attack is primarily targeted at mobile devices, only a solution that can accommodate them will provide necessary [phishing protection](/).

Phishing attacks are getting extremely sophisticated. More and more they’re going after mobile devices. If you’re a small business, on a limited budget, but you’d still like to be protected from **advanced phishing techniques** like these, there’s good news. You can now get **advanced phishing technology** at prices that fit your budget.

PhishProtection is an [anti phishing solution](/content/anti-phishing-solution/) that can help protect your small or mid-size business from phishing attacks.

## Topics

[ Uncategorized ](/tags/uncategorized/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 10m  IT Support: Why you Need it, What it Does, And How to Optimize it  Dec 2, 2022 ](/blog/it-support-why-you-need-it-what-it-does-and-how-to-optimize-it/)[  Intermediate 4m  Phishing Scams Revolving Around Covid-19 Vaccines: How To Remain Secure Against Such Attacks  Feb 25, 2021 ](/blog/phishing-scams-revolving-covid-19-vaccines-remain-secure-attacks/)[  Intermediate 4m  Recovering from a Phishing Attack  Jan 18, 2019 ](/blog/recovering-from-a-phishing-attack/)[  Intermediate 5m  As Twitter Plans To Charge Verified Users $8 Fee, Threat Actors Start Launching Phishing Campaigns Exploiting The Situation  Nov 10, 2022 ](/blog/twitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Protecting Against Phishing is Even Harder With Invisible Links","description":"Protecting Against Phishing is Even Harder With Invisible Links: Employees who have been trained to look out for phishing emails know not to click on links.","url":"https://phishprotection.com/blog/protecting-against-phishing-is-even-harder-with-invisible-links/","datePublished":"2019-01-22T10:46:24.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-01-22T10:46:24.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/protecting-against-phishing-is-even-harder-with-invisible-links/"},"articleSection":"intermediate","keywords":"Uncategorized","wordCount":445,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/01/spear-phishing-protection-3456.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Protecting Against Phishing is Even Harder With Invisible Links","item":"https://phishprotection.com/blog/protecting-against-phishing-is-even-harder-with-invisible-links/"}]}
```