
Jun 5, 2026

Secure Messaging in the Enterprise: Protecting Sensitive Communications From Evolving Threats

Secure messaging solutions miss BEC, ATO, and AI phishing because they lack behavioral context. Learn how detection models close the gap.

Enterprise secure messaging solutions are failing to detect a new generation of attacks. Business email compromise (BEC), account takeover (ATO), and AI phishing routinely bypass traditional controls because they contain no malicious payloads, no suspicious links, and no blacklisted sender domains.

The stakes are rising as the attack surface expands. Email remains a primary entry point for cyberattacks, and collaboration platforms like Microsoft Teams and Slack have become targeted channels in their own right, exposing organizations to impersonation, malware delivery, and OAuth abuse.

This guide explains why traditional rule-based controls fall short against payload-free, identity-driven, and AI-generated threats, outlines a detection model grounded in communication behavior, and covers the operational controls that support it.

Key Takeaways

  • AI-generated phishing has reduced the grammatical errors and generic phrasing that traditional filters and awareness training often relied on to catch fraudulent messages.
  • Collaboration platforms like Teams and Slack are now directly targeted attack surfaces with different trust dynamics and fewer security controls than email.
  • Detection models that establish per-user and per-relationship baselines can identify anomalies that signature-based systems often miss.
  • Phishing-resistant MFA (FIDO2/WebAuthn) and CISA SCuBA configuration baselines are foundational controls that should be implemented before adding third-party security layers.

Why Enterprise Secure Messaging Solutions Face a New Category of Threat

Stylized graphic shows email, Teams, and Slack icons linked to alert symbols, illustrating how enterprise secure messaging solutions fail to detect payload-free BEC, ATO, and AI phishing threats across multiple platforms.

Modern messaging attacks such as BEC, VEC, and lateral phishing succeed by impersonating legitimate business activity. They also carry none of the indicators rule-based detection depends on, leaving traditional secure messaging solutions with little signal to act on.

BEC remains one of the most financially damaging messaging-based attack categories tracked by law enforcement. The FBI IC3 report documents BEC losses, the majority of which were transferred via wire or ACH. From a rule-based system's perspective, these attacks can look very similar to legitimate business email.

Vendor email compromise (VEC) adds another layer of difficulty. These attacks originate from or impersonate legitimate vendor accounts where the sending domain is authentic, DMARC and SPF checks pass, and the communication context is operationally expected by recipients. The fraudulent element is the request itself.

Lateral phishing from compromised internal accounts undermines sender reputation controls entirely. The message originates from a legitimate, trusted, and authenticated account within the organization's own infrastructure. Attackers have also been observed abusing Microsoft 365 Direct Send to make phishing appear to originate from internal users.

How AI Has Reshaped the Attack Economics for Secure Messaging

AI has made polished social engineering easier to produce at scale. The Verizon 2025 DBIR documents that synthetically generated text in malicious emails has increased over the past two years.

These shifts have changed the economics of messaging-based attacks in three concrete ways: making fraudulent messages more linguistically convincing, enabling near-infinite variation that evades signature matching, and coordinating impersonation across multiple channels simultaneously.

The sections below examine each shift and the detection challenges it introduces.

LLM-Crafted BEC With No Detectable Tells

LLM-written BEC can remove many of the cues older detection methods relied on. LLMs produce grammatically polished messages that match an organization's tone, reference real vendors, and align with actual business context.

The heuristics that secure email gateways (SEGs) and training programs often rely upon, such as spelling errors, awkward phrasing, and generic salutations, are reduced by default.

Polymorphic Campaigns That Defeat Signature Matching

AI-generated variation makes phishing campaigns harder to group and block with static detection logic. Each delivered message can use different wording, subject lines, and sender display names while conveying the same malicious intent.

Modern campaigns also layer cloaking, chained redirects, CAPTCHA gates, and conditional execution so that automated scanners observe benign content while human victims see the malicious payload.

Two employees at the same organization may receive completely different versions of the same attack. Because each variant is effectively a zero-day from the signature-based system's perspective, cross-population pattern detection becomes less reliable, and the detection model stays reactive.

Multi-Channel Coordination Across Platforms

Attackers increasingly coordinate the same impersonation story across email, chat, SMS, and voice. One attack chain floods a target's email inbox with spam, then contacts the target through Teams while posing as IT support, and guides them to use Windows Quick Assist, a legitimate application that triggers no security warnings, to grant remote access.

Voice cloning can produce convincing voice replicas from a small sample of recorded audio, enabling conversational impersonation that weakens voice-based identity verification. The primary control point remains the inbox, but organizations need complementary controls for voice, SMS, and collaboration channels.

Where Traditional Secure Messaging Solutions Fall Short

Legacy secure email gateway (SEG) controls often struggle when context and identity abuse drive the attack. SEGs were designed around a specific threat model: malicious email carries a detectable artifact.

The detection logic, including signature matching, reputation scoring, URL analysis, and attachment sandboxing, depends on the presence of a known-bad indicator that can be identified, cataloged, and matched against future traffic. Four structural failure modes explain why this model is often insufficient against modern threats.

No Signal for Payload-Free Attacks

Payload-free attacks leave SEGs with less technical evidence to evaluate. BEC attacks deliberately omit the artifacts that SEGs scan for. A SEG classifying a BEC email as clean may simply be the system functioning as designed.

The design assumption that malicious email carries a detectable payload is poorly aligned to this threat class. The gap illustrates payload dependency: when malicious content is a plausible business request, the detection model may have limited technical indicators to evaluate.

No Behavioral Baseline or Relationship Context

Detecting socially engineered fraud often requires understanding whether a request is unusual for a specific relationship. SEGs evaluate each message independently against static rules.

They maintain no model of communication patterns between specific senders and recipients, no understanding of organizational hierarchy, and no capacity to identify anomalies against a baseline of established relationship norms.

An email from a real vendor domain, referencing a real business relationship, requesting a plausible wire transfer will pass signature and reputation checks. Detecting fraudulent requests requires understanding what requests are typical for that specific relationship.

Manual Tuning That Creates Compounding Debt

Manual tuning becomes harder to sustain as attackers generate more unique message variants. Rule-based SEGs require continuous manual tuning. Each tradeoff between sensitivity and specificity creates either a security gap or an operational burden that compounds over time.

When attackers generate large volumes of unique email variants per campaign, each variant appears to be a zero-day from the SEG's perspective. The detection model is inherently reactive, and manual rule maintenance cannot match attacker iteration speed.

Collaboration Platforms as an Expanding Attack Surface

Secure messaging now includes collaboration platforms that create distinct trust and visibility gaps compared to email. Microsoft Teams, Slack, and similar platforms are now independently targeted attack surfaces and primary business communication channels.

Microsoft has stated that Teams messaging, calls, meetings, and screen-sharing features are weaponized at different stages of the attack chain. Differences in security models between email and collaboration platforms create specific risks that email security controls do not address.

Direct Malware Delivery via Teams

Teams can be used to deliver malware directly inside a trusted workplace communication channel. Teams malware campaigns have been documented where threat actors used tools like TeamsPhisher to distribute malware directly over Teams.

In one documented campaign, Storm-0324 sent phishing lures delivering custom malware as an access vector for a ransomware operator. Teams messages arrive within a context of established workplace trust where users are conditioned to respond quickly, a different behavioral context from email, where skepticism is more ingrained.

Identity Spoofing Without Authentication Standards

Collaboration platforms can expose impersonation risks that do not map cleanly to email authentication controls. Email has established authentication standards (SPF, DKIM, and DMARC) that make sender spoofing detectable at the gateway level.

Teams' internal trust model, where messages from colleagues are displayed with verified identity badges, creates a higher-trust environment. Vulnerabilities allowed attackers to alter message content without visible "Edited" labels, modify incoming notifications to change the apparent sender, and forge caller identities during active calls. Some fixes were not deployed until long after disclosure.

Cross-Tenant Federation Enabled by Default

Default federation settings can expand the blast radius of a collaboration platform compromise. Teams federation is enabled by default, so tenant administrators must actively restrict it.

A threat actor obtaining Teams admin access could use external communication settings to enable trust relationships between organizations and move laterally across them. Email compromise typically affects a single mailbox. A collaboration platform compromise can grant access to channel histories, shared files, and cross-organizational communication threads.

OAuth Application and Third-Party Integration Abuse

Third-party integrations can create data exposure paths that email gateways cannot inspect. Malicious applications integrated into a Slack workspace or Teams environment can silently exfiltrate data through API calls, read channel history, and access files.

Slack's developer documentation identifies link unfurling as a primary data exfiltration vector, where unexpected outbound connections triggered by link unfurling can contain sensitive data. Email gateways have no visibility into OAuth application permissions granted within collaboration platforms.

Organizations evaluating secure messaging solutions should account for these platform-specific risks. Controls designed for email do not transfer directly to collaboration environments.

How Behavioral Detection Addresses Gaps in Secure Messaging Solutions


Behavioral detection can surface suspicious activity even when a message appears technically clean. Instead of scanning for known-bad artifacts, these models establish normal communication and account activity for each user and entity, then flag significant deviations.

This approach generates a signal across three dimensions: how users authenticate, how they communicate with internal and external contacts, and how they write. Each dimension provides independent evidence that, combined, can identify threats that content inspection alone may miss.

Identity and Login Behavior Signals

Identity signals can help reveal account misuse that content inspection alone may miss. They correlate authentication events with established behavioral patterns to detect account compromise.

An account that authenticates with a valid session token from an unexpected context, at an atypical time, and then immediately accesses sensitive email folders and configures forwarding rules presents a cluster of suspicious signals. Each individual signal may be benign. The combination of multiple independent anomaly signals increases detection confidence, even when MFA has been satisfied and the session is technically valid.

Communication Pattern and Relationship Analysis

Communication pattern analysis examines who communicates with whom, how often, when, and through which channels. A financial request from a spoofed executive address may contain no malicious content.

But if that sender-recipient pair has no prior communication history, the request type is atypical for this sender's established pattern, and the send time falls outside the sender's activity window, multiple behavioral signals converge without any single one being dispositive.

Relationship graph analysis extends this to external parties. Even when an email arrives from a known vendor domain and passes authentication checks, behavioral analysis can detect that a specific contact has not previously sent payment-related requests in that relationship, or that the financial request is being introduced at a stage of a workflow where it has not appeared before.
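As an added illustration of the per-relationship baselines described above (this is example code written for this page, not Abnormal's model), the toy scorer below builds a baseline for each sender-recipient pair from a constructed message history, then treats "no prior history", "first payment request in this relationship", and "sent outside the sender's usual hours" as independent signals whose convergence, rather than any single one, marks a message as suspicious. All addresses, hours, and the threshold of two signals are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample history: (sender, recipient, hour_sent_utc, is_payment_request)
HISTORY = [
    ("cfo@example.com", "ap@example.com", 9, False),
    ("cfo@example.com", "ap@example.com", 14, False),
    ("billing@vendor.example", "ap@example.com", 10, True),
    ("billing@vendor.example", "ap@example.com", 11, True),
    ("sales@vendor.example", "ap@example.com", 15, False),
    ("sales@vendor.example", "ap@example.com", 16, False),
]

# Number of converging signals needed before a message is flagged (assumed value)
SUSPICION_THRESHOLD = 2


@dataclass
class Baseline:
    """What 'normal' looks like for one sender-recipient relationship."""
    count: int = 0
    payment_requests: int = 0
    hours: list = field(default_factory=list)


def build_baselines(history):
    """Aggregate per-relationship norms from historical messages."""
    baselines = defaultdict(Baseline)
    for sender, recipient, hour, is_payment in history:
        b = baselines[(sender, recipient)]
        b.count += 1
        b.payment_requests += int(is_payment)
        b.hours.append(hour)
    return dict(baselines)


def score_message(baselines, sender, recipient, hour, is_payment):
    """Return (signal_count, reasons); each reason is one independent anomaly."""
    reasons = []
    b = baselines.get((sender, recipient))
    if b is None:
        # The page's spoofed-executive case: a pair with no communication history.
        reasons.append("no prior communication between this sender and recipient")
        if is_payment:
            reasons.append("payment request from a sender with no relationship history")
        return len(reasons), reasons
    if is_payment and b.payment_requests == 0:
        # Known vendor contact that has never sent payment requests before.
        reasons.append("first payment request in an established relationship")
    lo, hi = min(b.hours), max(b.hours)
    if not (lo - 1 <= hour <= hi + 1):  # one-hour tolerance around observed activity
        reasons.append("sent outside the sender's usual activity window")
    return len(reasons), reasons


def is_suspicious(baselines, sender, recipient, hour, is_payment):
    """Flag only when multiple signals converge; no single signal is dispositive."""
    count, _ = score_message(baselines, sender, recipient, hour, is_payment)
    return count >= SUSPICION_THRESHOLD
```

A real deployment would learn the tolerance and threshold per entity and add identity and stylistic signals; the structure (baseline per relationship, independent signals, decision on convergence) is the point.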

NLP-Based Intent and Style Analysis

Natural language processing analyzes semantic meaning, urgency framing, and writing style consistency. When an attacker has compromised a display name, a lookalike domain, or even a legitimate account, they may not perfectly replicate the target's established writing style.

NLP models trained on an individual's historical communication can detect stylistic deviations, urgency framing, and request structures inconsistent with the sender's established patterns. A BEC email requesting an urgent wire transfer may contain no suspicious artifacts, but its framing of urgency and request structure may be inconsistent with how this sender has historically communicated.

Operational Constraints to Account For

Forrester Research notes that new employees and recently role-changed staff have insufficient communication history to support strong per-entity models, which means detection reliability is materially lower during the baseline establishment period.

The same source notes that role changes, new vendor relationships, and organizational restructuring cause legitimate behavior to diverge from established baselines, potentially generating false positives if models are not continuously retrained. Behavioral anomaly signals function most effectively when integrated with authentication events, threat intelligence, and content analysis within a layered security architecture.

Operational Controls for Secure Messaging in the Enterprise

Organizations can reduce messaging risk by strengthening identity controls, hardening baseline configurations, and extending monitoring beyond email. CISA and NIST have published specific, actionable guidance for enterprise messaging security. Operational adoption often lags published guidance.

  • Deploy Phishing-Resistant MFA: TOTP MFA is no longer reliable against phishing-based account takeover, since adversary-in-the-middle platforms can defeat authenticator apps and SMS. FIDO2 and WebAuthn hardware keys and passkeys are the only protocol-level phishing-resistant options. Prioritize finance, HR, and executive users with conditional access policies enforcing it for messaging platform access.
  • Implement CISA SCuBA Configuration Baselines: CISA SCuBA guidance provides finalized Microsoft 365 baselines, including Defender controls like DLP policies across Exchange, OneDrive, SharePoint, and Teams chat, plus strict preset security policies for sensitive accounts. Treat these as the starting layer of messaging security, since they close configuration gaps attackers routinely target. Implementing them before third-party detection provides a compliance-aligned foundation that reduces the burden on supplemental tools.
  • Extend Detection and Monitoring Across Collaboration Platforms: Enable Teams chat audit logging, apply DLP per SCuBA requirements, restrict federation settings, and enforce least-privilege access for OAuth integrations. Per NIST SP 800-207, ingest Exchange, Teams, and SharePoint audit logs into your SIEM to inform security posture. CISA's cloud logging guidance supports SOAR playbooks for BEC indicators, DLP violations, and suspicious OAuth consent events, reducing SOC triage burden.

These controls form a layered foundation that hardens identity, configuration, and visibility before any third-party detection tools are introduced.

Closing the Detection Gap With Behavioral AI for Email

Keep existing controls in place and add detection that evaluates identity, communication patterns, and relationship context. Traditional secure messaging solutions remain an important part of the security stack.

They are effective against known malware, commodity phishing, and bulk spam. Attacks such as BEC, VEC, and ATO-enabled campaigns create the remaining gap by minimizing the indicators that signature-based systems typically inspect.

Abnormal is designed to detect the email and account-based components of these attacks by modeling known-good behavior across identity, communication patterns, and relationship context. Abnormal can work alongside existing Microsoft 365 or gateway defenses to identify threats those tools were not designed to catch, including socially engineered messages with no malicious payload and ATO activity originating from technically valid sessions.

Recognized as a Leader in the Gartner Magic Quadrant for Email Security Platforms, Abnormal integrates via API with no changes to MX records or mail flow. Request a demo to see how behavioral AI detection can help surface the threats your current stack may be missing.
