An electronic message manager (100) examines (210) incoming electronic messages and determines (220) whether an incoming electronic message comprises at least one suspect link associated with a remote system. In response to the determination (220) that the incoming message comprises at least one suspect link, the electronic message manager (100) replaces (230) each suspect link with a redirection link. In response to a user attempting (240) to connect to the remote system by clicking on the redirection link, the electronic message manager directs the user to a remote analysis site for deciding (260) whether that incoming message comprises a phishing message.