Spam Filters Aren’t Enough to Keep Out Phishing Scams

There are many things that can lull people into a false sense of security. A really nice salesman who smiles and shakes your hand, but then sells you a lemon; a really great boss who assures you your job is safe, but then lays off half the department; and a really great spam filter that promises security, but then allows a whole school of phishing emails into your inbox. Yep, while many people assume that their spam filter provides a solid defense against phishing scams, this couldn’t be further from the truth.

The History of Spam

Remember when junk mail was nothing more than unwanted flyers and coupons in your physical mailbox? Today, of course, we have spam—unsolicited bulk emails—filling up our virtual mailboxes. Spam, which entered the Oxford English Dictionary in 1998, is both a noun and a verb, since you can receive spam ("irrelevant or unsolicited messages sent over the Internet, typically to large numbers of users, for the purposes of advertising, phishing, spreading malware, etc.") or spam someone ("send the same message indiscriminately to (a large number of Internet users)").

You probably know that spam shares its name with the tinned Hormel meat (SPiced hAM), but you may not know why. It’s all due to an old Monty Python sketch (many computer geeks being big fans of the comedy group) in which Spam is nearly inescapable as a menu item in a deli, much as spam email is ubiquitous on the internet. Check out the original sketch here.

4 Reasons Why Spam Filters Can’t Protect Against Phishing Scams

While the Monty Python sketch may be funny, spam is really no laughing matter: it costs businesses a staggering $20.5 billion every year and frequently masks phishing attacks! Here are four reasons spam filters just can’t offer the protection you need.

1. The Quantity of Spam

Nearly 15 billion spam emails are deployed daily; in fact, a whopping 45% of all email content is spam, and some researchers estimate spam makes up an even greater portion of email globally, at nearly 75%! So clearly, that means our spam filters are working overtime. This immense volume of spam makes it impossible for even the best filter to catch every single spam email, enabling malicious phishing emails to slip through from time to time.

2. Email Providers Are Not Phishing Experts

Despite the massive budgets of email providers such as Gmail, Outlook, and others, the fact is they are email providers, not phishing experts. Their spam filters are meant as a first line of defense, not the only means of defense. That’s why a Defense-in-Depth strategy—using multiple layers of defense—is crucial to avoid Gmail phishing and the like.

3. Phishers Are Sneaky

Yes, some phish are easy to spot, but cybercrime is big business, so many phishers have become really good at what they do. One phish that can often find its way into your inbox despite the presence of a spam filter is a spoofing email, in which the email appears to be from someone known or trusted, but is actually a cleverly disguised phony. Another method of circumventing spam filters is to hijack a mail server or even a home computer. If you’ve ever received a malicious attachment from a known email account, it’s likely because that person opened a malicious attachment or URL, enabling the phisher to take control of their computer and use their email account to send out phishing emails to their contact list.
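The spoofed-sender case described above leaves traces in a message's headers. The following is an added example, not code from this article or from Clearedin; the sample messages are constructed, all domains are placeholders, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Pat Lee (CEO)" <pat.lee@example.com>
Reply-To: pat.lee.ceo@freemail.example.net
Subject: Urgent wire transfer

Please wire the funds today.
"""

LEGIT = """\
Return-Path: <pat.lee@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Pat Lee" <pat.lee@example.com>
Subject: Board minutes

Minutes attached.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def aligned(candidate, from_domain):
    # Simplification: exact or subdomain match. Real DMARC alignment compares
    # organizational domains, which requires the Public Suffix List.
    return candidate == from_domain or candidate.endswith("." + from_domain)

def spoof_signals(raw_message):
    """List header inconsistencies typical of a spoofed visible sender."""
    msg = message_from_string(raw_message)
    from_domain = domain(msg["From"])
    signals = []
    # Envelope sender (Return-Path) and Reply-To should match the visible From.
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        other = domain(msg[header])
        if other and not aligned(other, from_domain):
            signals.append(label)
    # Only trust Authentication-Results stamped by your own receiving server;
    # a copy supplied by the sender can be forged.
    auth = (msg["Authentication-Results"] or "").lower()
    signals += [f"{m}-fail" for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    return signals
```

A message sent from a genuinely hijacked account passes every one of these checks, and legitimate bulk senders often use a different Return-Path domain, so treat these signals as input to scoring rather than as a verdict.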

4. Threats Are Always Evolving

Phishing scams are a lot like a game of whack-a-mole; knock one down, and another pops up. Phishing attacks have come a long way since their infancy, and no doubt they will continue to evolve and become more sophisticated in order to make it more difficult for a spam filter to recognize them. That means phishing scams will continue to infiltrate the inboxes of unsuspecting individuals.

Augmenting Spam Filters with Anti-Phishing Software

Just as relying on a human firewall is not a good anti-phishing technique, neither is relying on spam filters alone. They offer benefits, but should always be combined with a third-party email and Gmail phishing protection service such as Clearedin.

Clearedin scans every email that comes into your inbox to determine if it is a phishing scam. But don’t worry, your privacy remains intact; Clearedin only needs to read the metadata of an email (sender’s IP, send path, device, and other non-private code) to make a determination. There are other ways Clearedin helps keep you protected from phishing scams, and we’d love to share them with you.

Request a demo to see Clearedin in action, and turn your false sense of security into an anti-phishing Fort Knox!
