It would be fairly easy for most email filtering products to stop all phishing messages today, except for the unfortunate side effect being that many legitimate emails would also be stopped.

It’s really a cat and mouse game between attackers using phishing and spear-phishing techniques, and security technology that filters messages based on their content, as well as the metadata they carry.

Detecting malicious email senders

Progress has been made in detecting spoofed email senders due to the emergence of better protocols between sending and receiving servers that enables them to detect impersonation attempts. But for these protocols to work well, both ends of the communication must be configured properly.

These extra email protocol safeguards can also be complex to configure properly, especially now that many organizations use third parties to process email such as newsletters and service notifications.

Cat and Mouse

Join our next 5-Day Challenge to experience something completely unique

“The challenges were so quick I was able to do them in the time it took me to sip an espresso.” – IT Security Manager

Detecting malicious content, links and attachments

Detecting whether or not the content of an email is malicious is even harder. As attackers see their messages being quarantined, they adjust their content to more closely represent legitimate email exchanges. There are always new possibilities.

Even detecting malicious links and attachments in phishing emails is a constant struggle to rate the reputation of website domains, and match malicious file “fingerprints”. Attackers like to use new domains that have not yet been detected as malicious, and therefore disallowed. However, if all new domains are flagged, then legitimate startup companies will have problems getting their email through.

It’s a tough job to filter out messages that are malicious when attackers are trying hard to make their spear-phishing emails look legitimate.

It will be a long wait

Someday, probably with AI, or maybe when an entirely new messaging protocol is developed and adopted, malicious messages will be reliably filtered out, while legitimate ones will get through. But the day when most businesses have implemented such a magical tool is a long way off.

Until then (or maybe even forever) educating end-users on basic methods of analyzing messages, and persuading them to practice that skill on a regular is essential.

It’s a time much like when the pioneers colonized in the Wild West, where everyone had to learn to manage new risks quickly, or they suffered tragic consequences.

On this front, at least it’s now easier to engage employees, by using gamified security awareness. It’s always worthwhile to educate employees about risks. As more jobs are outsourced or automated, more high value decisions are faced in everyone’s jobs.

Click Armor’s immersive, foundational training and weekly challenges is the only security awareness solution that is designed to motivate employees to practice and strengthen their skills on a weekly basis in a gamified simulation environment.


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.