Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Image-based phishing and email security gaps: what teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: A luxury retailer’s image-heavy sales workflow was disrupted when a legacy email gateway blocked photos while still missing a supplier-compromise phishing campaign that used PNG lures and Microsoft 365 credential theft, according to Proofpoint. The case shows that blunt filtering and mailbox-era controls can break revenue-critical communication while leaving human-targeted attack paths open.

NHIMG editorial — based on content published by Proofpoint: legacy email gateways, image-based phishing, and retailer workflow disruption

By the numbers:

Questions worth separating out

Q: How should security teams stop image-based phishing without breaking business workflows?

A: Security teams should classify which groups depend on image-rich communication, then apply content-aware inspection rather than blanket stripping.

Q: Why do trusted supplier accounts increase phishing risk?

A: Trusted supplier accounts bypass the scepticism users apply to unknown senders, so attackers can deliver lures that appear routine.

Q: What breaks when email security relies on blanket file blocking?

A: Blanket file blocking can stop legitimate business communication, especially in workflows that depend on images, PDFs, or branded attachments.

Practitioner guidance

What's in the full article

Proofpoint's full article covers the operational detail this post intentionally leaves for the source:

  • The retailer's staged migration path from API email protection to full Core Email Protection and then broader platform coverage.
  • Proofpoint's specific detection claims for malicious images, URL scanning, and message-level inspection in Microsoft 365.
  • The vendor's discussion of gateway architecture, pre-delivery blocking, and how it positions API and SEG deployment models.
  • The supplier threat protection, DMARC, secure email relay, and workspace controls described in the source article.

👉 Read Proofpoint’s analysis of image-based phishing, supplier compromise, and email security gaps →

Image-based phishing and email security gaps: what teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Legacy email security becomes a governance failure when it forces business users to choose between protection and productivity. The retailer’s image-heavy workflow shows that email controls cannot be judged only by detection rates. If the control breaks the business process, users will route around it, and the security programme loses visibility. The practical conclusion is that email policy must be aligned to business workflow classification, not just threat filtering.

A question worth separating out:

Q: Who is accountable when phishing leads to account compromise?

A: Accountability is shared, but security leadership owns the control environment that made impersonation succeed. Email authentication, browser trust configuration, access scoping, and incident reporting are governance responsibilities, not just end-user habits. If phishing can repeatedly turn into compromise, the control model is failing at the organisational level.

👉 Read our full editorial: Legacy email gateways fail when business workflows depend on images



   
ReplyQuote
Share: