When creating a policy that contains a "Message Attachment or File Name Match" or a "Message Attachment of File Type Match"  rule type, you may get incidents generated from hyperlinks that point to file names or types in those conditions. The hyperlinks are detected inside of other files such as docx.

This is a known issue within DLP but there is an easy workaround to avoid the issue.

Add a "Message Attachment or File Size Match" condition to the rule that contains the "Message Attachment or File Name Match" or "Message Attachment of File Type Match" condition. Set the File Size to be More Than 1 byte. This makes the rule a compound rule where all of the conditions must evaluate to true for the policy to trigger. This prevents the policy from triggering on hyperlinks that contain file names or types that match the "Message Attachment or File Name Match" or the "Message Attachment of File Type Match" condition. However the incident will still be triggered by real files that match the file type or name conditions as all files are greater than 1 byte in size.