Email Security Intelligence - Threat Actors Are Bypassing Your Email Security Solution. Here's How.

Despite the wide array of business email security solutions on the market today, malicious email is still reaching users’ inboxes, and often resulting in severely damaging attacks and breaches. These cybercriminals are constantly working on their methods for exploitation, finetuning their techniques and tactics to evade the detection of security defenses. This article will explain the most popular and effective techniques that threat actors use to bypass email security solutions.


Top Methods Used to Evade Email Security Solutions

Social Engineering 

Social Engineering is a method of deception that is used in 98% of all cyberattacks that leverages personal and business context to establish trust and manipulate the victim into sharing sensitive information. These scams are highly successful as they leverage trust relationships built with a superior, colleague, partner, or organization.

Social engineering has become increasingly popular in recent years, as attackers are now able to obtain extensive information on targets by searching the Internet or scouring social media platforms. Attacks are designed to look and feel like legitimate communications, and often bypass traditional email security technology like spam filters and antivirus software as a result.

Spear Phishing 

Spear phishing is becoming an increasingly popular attack vector because it is generally more successful than conventional phishing. As opposed to sending hundreds of thousands of relatively generic emails out at a time, spear phishing campaigns involve researching victims and using advanced intelligence strategies to compose just a select few highly convincing messages.

From the message content to the language used, spear phishing emails mimic legitimate communications very closely, and thus frequently evade the detection of static, single-layered email security defenses such as those built into Microsoft 365

Fileless Malware 

Fileless malware is a payload-less email attack that runs in a computer's random access memory (RAM), not from a malicious file, and exploits existing, trusted system applications to install and run malicious code on target systems. This code is then used to encrypt and exfiltrate sensitive data, transferring it directly into the hands of the attacker.

Attacks leverage legitimate, trusted operating system tools for malicious purposes, essentially turning systems against themselves. This method of attack has become a favorite among cybercriminals for evading security defenses, eavesdropping on corporate networks, compromising systems, and gaining access to sensitive data.

 Unlike traditional malware, fileless malware has no signature because it does not leverage executable files, and goes undetected by signature-based antivirus software and the majority of traditional email security solutions as a result. Ponemon Institute reports that fileless attacks are 10 times more successful than file-based attacks.

Email Account Compromise (EAC)

The email account compromise (EAC) scam works by compromising one account, then using the trust established between that account and those associated with it to steal credentials that can be used to compromise others and trick victims into unknowingly wiring funds to the attacker.

EAC is very difficult to detect because of the fact that in this scam malicious emails are typically sent directly from the compromised account owner’s computer, which has been authorized to send mail as that user. As a result, these fraudulent emails are not identified and flagged by email authentication protocols that have been implemented by a user or an email security provider.

Polymorphic Viruses

This type of virus changes its signature when it reproduces, masquerading as a different and seemingly harmless file. These viruses are especially threatening because antivirus programs typically have a hard time detecting them. Because traditional antivirus software can only blacklist a single virus variant, many programs take months to identify a single polymorphic virus. ​​Polymorphic viruses are usually spread via spam email, malware, or infected websites.

Macros Hidden in Microsoft Office Attachments

Macro-enabled Microsoft Office documents have led to big payouts for malicious actors for nearly a year because traditional email security solutions still don’t fully scan attachments and let them through. Strong email security solutions offer macro scanning, attachment sandboxing and granular policy creation.

Solutions that include granular policy control allow fine-tuning for virus filtering engines that seek out macros embedded in Microsoft Office files. Attachment sandboxing also  helps security admins to easily determine if attachments are malicious or not in a secure virtual test environment. The sandbox is a place where malicious files can be executed to determine whether they are actually safe to open.

Misconfigurations Systems When Migrating To Cloud

Products of a strong email security often require an admin to configure specific IP range allowances, which in turn only allows email filters through their security solution. The admin runs the risk of failing to lock down their environments and only allowing the specific ranges, which would make it possible for outside mail to enter the inbox.

Mitigating this problem requires patience during the configuration process of your email security system. To eliminate the possibility of malicious email filtering through the security solution, work with the security company to secure the environment and keep it locked down.


When looking for an email security solution capable of identifying threats that often bypass traditional security defenses, an organization should consider a service that identifies all threats before they reach the inbox. The ideal solution should provide various detection layers to identify targeted spear phishing attacks as well as account takeovers, malware, zero-day threats, and more. Learn about defining characteristics and features of the most effective business email security solutions in this blog post.

Must Read Blog Posts

Latest Blog Articles

Get Your Guide