Menu
By Cian Fitzpatrick | 22nd October 2025
When we think about email threats, most of us picture phishing attempts, malicious attachments or suspicious links hiding in plain sight. These are the email security threats that get the most attention.
But there’s another threat that often flies under the radar: public shares links.
This one is extremely subtle, and it’s because of this subtlety that it is so potent as a cyber hack.
These are the OneDrive, Google Drive and Dropbox folders that many of us use every day to share files with colleagues, partners and clients. They’re convenient, fast and familiar. Our business, and even personal lives would be much more complicated without them. And that is exactly why attackers love them.
Cybercriminals are always looking for ways to bypass traditional security tools. They know that most email security solutions are designed to stop threats before they reach the inbox. But what if the threat doesn’t exist at the time the email is delivered?
If you’re thinking this all sounds very much like a Mission:Impossible plot, you’re right.
Here’s how the trick works.
An attacker sends an email containing a perfectly legitimate link to a public share folder. The folder might even contain a harmless document at the time of delivery. The email sails past security checks and lands safely in the user’s inbox.
A day or two later, the attacker changes the contents of that folder, replacing the original document with a malicious file or embedding malware into the existing one. Because the email was already delivered as a bone fide piece of communication, traditional defenses are powerless to stop it.Â
This is known as a post-poisoning attack, and it is one of the fastest-growing email threats today.
At Topsec, we take a layered approach to stopping these attacks before they can cause harm. Our approach is always to build a security stack and never to rely on one solution alone.
When an email containing a public share link is scanned, our analysers visit the link and download the file for inspection. It is then passed through our sandbox system, where it is safely detonated in an isolated environment. Any links, redirects or hidden threats inside the file are extracted and examined.
We also don’t stop there. Our team is zealous about your email security. As a result, all URLs, including the original share link, are continuously re-scanned for five days. If an attacker tries to change the contents of the folder during that time, we will see it. Any new or suspicious activity is flagged, and the original email is automatically removed from the inbox.
This approach ensures that even if an attacker tries to weaponise a shared folder after the fact, they will not succeed.
Awareness is the first step.
Technology tools and solutions are an integral part of keeping your inbox safe, but the best security starts with a highly aware team.
Make sure your team understands that a familiar-looking share link is not always safe. Yes, even if the email passed your usual security checks. Train them to be cautious about clicking links days or weeks after receiving them, especially if they were not expecting an update.
It’s also worth reviewing your organisation’s file-sharing policies.Â
Encourage the use of secure, monitored platforms and limit the use of public links where possible. And consider deploying a solution like Topsec Inbox Protect, which continues to monitor emails long after they land in your users’ inboxes.
Public share links are not inherently dangerous. They are an essential part of how modern businesses collaborate. But like any tool, they can be exploited by those with malicious intent. The good news is that with the right awareness, policies and technology, you can close this growing gap in your cybersecurity defences.
This Cybersecurity Awareness Month, take the time to look beyond the obvious threats. The next big risk to your organisation might be hiding in the most ordinary of places. It could be sitting inside a shared folder you believed was safe.
At Topsec Cloud Solutions, we help keep our clients safe around the clock. Take a look at our case studies here and then contact us for more information.
