Engineered To Evade: How Phishing Attacks Are Designed To Get Through Your Secure Email Gateway
KnowBe4, Wednesday, July 16th, 2025
Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter by a SEG is the same as falling at the first hurdle.
SEGs have been adopted broadly, especially in larger organizations (although this picture has started to change in recent years - more on that below).
Even where organizations don't use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles. So a cybercriminal will be fairly confident they'll need to get through at least a SEG or similar layer to reach a target's inbox.