Because I read something along those lines often: the fact that some legitimate emails look like phishing is caused by phishers mimicking real emails, not the other way round. The problem are garbage phishing detection rules, not the legitimate emails phishers try to mimic.
Phishing detection rules cannot be set in stone but depend highly on the environment and "email culture" you inhabit. If you filter out legitimate stuff because of your rules, your rules suck.
Example: "Don't open attachments" is stupid advice if you have to open email attachments every day for your regular job. Rather tell people to upload files sent with automated emails or unknown senders to either virus total or let them get checked by local antivirus. Or implement encryption policies where unencrypted files are suspicious by default.
Bottom line: setting the same standards for everyone won't work. Consider your environment and act accordingly.
Add comment