Legacy email security and built-in email provider protection both focus on known red flags like malicious URLs and dangerous attachments to detect phishing attempts. But a sophisticated phishing email instead uses impersonation tactics, compromised accounts, redirected URLs,  spoofed email addresses that appear legitimate, or a combination of all of these tactics. 

In other words, a secure email gateway struggles to detect the socially-engineered element used in an inconspicuous phishing email. And since these emails look like they’re coming from a trusted sender (like an IT team), recipients are more prone to trust and interact with them.

Attackers are constantly evolving, and antiquated email security software hasn’t kept up with the changes in tactics. 

Here are four important questions for security professionals assessing an anti-phishing solution. 

• How does it detect a phishing attempt? Ineffective solutions rely on known red flags to identify a phishing email. But a sophisticated phishing solution should go beyond simply checking URLs, attachments, and email headers. Advanced phishing protection requires a deeper understanding of an email's content and context including sender-recipient relationships, standard user email behavior, and language processing capabilities to spot suspicious requests.
• How does it handle false positives and missed attacks? Blocking a legitimate email or missing a dangerous email is annoying at best and dangerous at worst. An effective phishing solution should have a built-in process to assess mistakes, which includes a reporting system, an investigation process, and detailed explanations. 
• Does it detect internal phishing attacks? Lateral phishing emails are extremely effective since they come from the actual email account of a trusted colleague. And legacy email security often has zero insight into internal traffic and communications. Your solution should have full insight into both east-west and north-south traffic to block attacks from every direction. 
• Can it lock compromised accounts? Rather than simply remediating an internal phishing attempt, email security solutions should go one step further and automatically lock any compromised accounts. 

And it’s not just detection capabilities that are important to consider when considering anti-phishing software. Security leaders should also consider: 

• Implementation: How does the solution connect to your existing email environment? Is it API-driven, journaling-based, or a secure email gateway? Modern enterprises that use cloud email services often find the API option to be more convenient and effective since it’s built with the cloud environment in mind.

• Integration: Does the solution work alongside and augment the built-in security from your email provider, or does it disable it? An effective solution augments built-in security to add a layer of protection. 

• Maintenance: Does the solution require considerable upkeep to manually review and remediate phishing attempts and blocklists? Advanced anti-phishing software should simplify and automate this heavy workload to save your team time. 

Abnormal Inbound Email Security stops credential phishing attempts with a multifaceted approach:

• Verifies display names in the header match the email address to spot impersonations and spoofs. 

• Flags time-sensitive requests with an urgent tone like impending account deactivation warnings. 

• Analyzes suspicious links for redirects or login pages. 

• Automatically locks user accounts when they appear compromised—either from a successful phishing attack, a brute force attack, or a password spraying attack, to prevent internal attacks.

Abnormal’s anti-phishing solution integrates with Microsoft 365 and Google Workspace via an API to assess thousands of signals including location, IP addresses, mail filter rules, device logins, and more. The natural language processing approach helps Abnormal accurately understand an email’s content to spot unusual communication in phishing emails. And a data-focused insight on end-user behavior highlights anomalous email activities common in phishing attempts.