
As organisations become more adept at identifying phishing threats, a new and unexpected challenge has emerged: legitimate, business-critical e-mails are increasingly being mistaken for malicious ones, raising concerns about communication breakdowns in an already complex cyber landscape.
This paradox is highlighted in KnowBe4’s Phishing Threat Trend Report 2025, which reveals that over 80% of phishing e-mails analysed were enhanced using artificial intelligence (AI) – making them far more convincing than ever before.
“The gut-check we used to rely on has been gamed,” says Anna Collard, SVP of content strategy and evangelist at KnowBe4 Africa. “Even the large language models we're exploring to detect suspicious e-mails are struggling. They’re now forced to dig deeper – assessing tone, context and subtler red flags.”
Collard attributes the shift to more mature cyber security awareness and phishing simulation programs, which have successfully heightened employee scepticism. But that success comes with a side effect: overcorrection. Employees are now more likely to misclassify legitimate messages as threats – either manually or through automated systems.
KnowBe4 notes that some of the most common and legitimate traits in corporate communication are now the very ones raising red flags:
- Urgency – subject lines like “sign this by COB today”.
- Unexpected senders – including HR tools or third-party SaaS platforms.
- Calls to action – phrases such as “click here to confirm”.
- Stylistic quirks – overly polished writing, excessive links or bold text.
- Technical misalignments – legitimate e-mails failing DMARC or DKIM checks.
“Even just using a third-party sender domain can cause confusion,” Collard says. “If staff don’t recognise the platform, they might flag the message – even when it’s valid.”
According to the report, the top five legitimate platforms most frequently spoofed in phishing attacks include DocuSign, PayPal, Microsoft, Google Drive and Salesforce – tools commonly used in day-to-day business operations.
The consequences of this misclassification go beyond missed messages. KnowBe4 warns that delayed IT updates, overlooked HR deadlines and lost sales opportunities are becoming increasingly common – creating ripple effects across entire organisations.
Trust in internal communication is also at stake. In industries like healthcare, legal services and finance, where accuracy and timeliness are critical, false positives can result in serious operational and financial costs.
Getting digital paperwork in order
One of the key ways to avoid deliverability issues, says KnowBe4, is to ensure e-mail authentication protocols are correctly configured. That includes SPF, DKIM and DMARC – technical standards that verify a sender’s identity.
“These protocols are like a digital passport,” explains Collard. “Without them, even a genuine e-mail may not make it through.”
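The following script is an added example for this article, not code from KnowBe4 or the report. It performs static checks on the SPF and DMARC TXT records a domain publishes: it flags the settings that let spoofed mail through (a monitor-only p=none policy, a +all catch-all), the SPF mistake that makes legitimate mail fail (more than ten DNS-lookup terms, which receivers treat as a permanent error), and whether a third-party platform's include is actually present, the gap that typically puts a SaaS sender on the wrong side of a DMARC check. All record strings, domain names and addresses below are constructed placeholders; in practice the records come from a TXT lookup of the domain and of _dmarc.<domain>.

```python
"""Static checks on SPF and DMARC DNS TXT records (added example, not from the report)."""

# Constructed sample records; the domains and mailbox are placeholders, not real ones.
SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 include:_spf.saas-vendor.invalid -all"
SAMPLE_DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.invalid"
SAMPLE_DMARC_STRICT = (
    "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.invalid"
)

# Mechanisms and modifiers that each cost a DNS lookup (RFC 7208 section 4.6.4).
# More than ten in one evaluation is a permanent error, so the message fails SPF
# even though the sending server is legitimately listed.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record into its tag=value pairs, with tag names lower-cased."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record: str) -> list:
    """Return findings for a DMARC record; an empty list means it enforces policy."""
    findings = []
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        findings.append("record does not start with v=DMARC1")
    policy = tags.get("p")
    if policy is None:
        findings.append("required p= tag is missing")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address, so aggregate reports are never received")
    pct = tags.get("pct")
    if pct is not None and pct != "100":
        findings.append(f"pct={pct} applies the policy to only part of the mail stream")
    return findings


def spf_lookup_count(record: str) -> int:
    """Count the SPF terms that cost a DNS lookup, ignoring qualifiers and arguments."""
    count = 0
    for term in record.split()[1:]:
        # Strip the +/-/~/? qualifier, then any ":arg", "=arg" or "/cidr" suffix.
        name = term.lstrip("+-~?").split(":", 1)[0].split("=", 1)[0].split("/", 1)[0]
        if name.lower() in LOOKUP_TERMS:
            count += 1
    return count


def check_spf(record: str) -> list:
    """Return findings for an SPF record; an empty list means no issue was detected."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        findings.append("record does not start with v=spf1")
        return findings
    # The final term decides what happens to senders that matched nothing earlier.
    last = terms[-1].lower()
    if last in ("all", "+all"):
        findings.append("+all authorises every sender, so SPF cannot fail")
    elif last == "?all":
        findings.append("?all is neutral; receivers treat it much like no SPF at all")
    elif last not in ("-all", "~all") and not last.startswith("redirect="):
        findings.append("record does not end with an all mechanism or redirect=")
    lookups = spf_lookup_count(record)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return findings


def spf_includes(record: str, sender_domain: str) -> bool:
    """True if the record carries an include: for the given third-party sender domain."""
    wanted = f"include:{sender_domain.lower()}"
    return any(term.lstrip("+-~?").lower() == wanted for term in record.split()[1:])


if __name__ == "__main__":
    for label, rec in (("weak DMARC", SAMPLE_DMARC_WEAK), ("strict DMARC", SAMPLE_DMARC_STRICT)):
        print(label, check_dmarc(rec) or "ok")
    print("SPF", check_spf(SAMPLE_SPF) or "ok")
    # Is the constructed SaaS vendor actually authorised to send for this domain?
    print("vendor authorised:", spf_includes(SAMPLE_SPF, "_spf.saas-vendor.invalid"))
```

Running the script against real records is a matter of replacing the constructed strings with the TXT lookups for the domain and for _dmarc.<domain>; the lookup count is worth watching whenever a new platform's include is added, since each vendor's include can itself expand into several further lookups.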
In addition to technical safeguards, sender behaviour plays a vital role in building trust. KnowBe4 recommends the following best practices:
- Train teams to avoid accidental red flags.
- Share approved templates and subject line guidelines.
- Use consistent, recognisable sender addresses.
- Maintain a clear and predictable tone.
“This is part of internal brand hygiene,” says Collard. “When your team communicates clearly and consistently, you build trust over time – with both employees and clients. That trust makes your e-mails easier to recognise, safer to deliver and more likely to be opened.”