Phishing Emails Are Outsmarting AI Filters—Here’s What Northern Indiana Businesses Must Do
AI-based email filters were supposed to make phishing a solved problem. But last week SC Media reported on a campaign that stuffs each lure with harmless, lengthy text so AI scanners believe the message is safe. The malicious call-to-action sits near the top; everything beneath it is filler designed to “outweigh” the bad content. For business owners in South Bend, Mishawaka, and Plymouth, it’s a reminder that attackers iterate just as fast as the tools meant to stop them.
How the new obfuscation trick works
- Step 1: Grab attention. The top of the email still looks like a routine invoice, voicemail, or HR notice—the kind your team sees daily.
- Step 2: Add noise. Attackers paste thousands of characters of benign text—book excerpts, Wikipedia paragraphs, even lorem ipsum—beneath the real lure.
- Step 3: Fool the AI. Because many modern filters rely on overall sentiment and keyword ratios, the “good” text outweighs the malicious snippet, letting the email land in the inbox.
- Step 4: Profit. Once an employee clicks, the payload (credential harvester, fake MFA prompt, or remote control agent) fires as usual.
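To see why padding defeats a ratio-based filter and how a filter can resist it, here is an added example (not from the SC Media report or any vendor's product) that scores a message two ways: over the whole body, and over sliding windows so a short lure cannot be averaged away. The keyword list, threshold, window sizes, and sample messages are constructed assumptions for illustration.

```python
import re

# Constructed term list; real filters use far richer features.
SUSPICIOUS = {"invoice", "overdue", "verify", "password", "login", "urgent", "suspended"}

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

def hit_ratio(toks):
    return sum(t in SUSPICIOUS for t in toks) / len(toks) if toks else 0.0

def ratio_score(text):
    """Whole-message keyword ratio: the metric that filler text dilutes."""
    return hit_ratio(tokens(text))

def window_score(text, size=40, step=20):
    """Highest keyword ratio over sliding token windows (padding-resistant)."""
    toks = tokens(text)
    last = max(len(toks) - size, 0)
    # Always include the final window so a lure at the very end is covered too.
    starts = sorted(set(range(0, last + 1, step)) | {last})
    return max(hit_ratio(toks[s:s + size]) for s in starts)

def classify(text, threshold=0.10):
    """Return both verdicts so the gap between them is visible."""
    whole, worst = ratio_score(text), window_score(text)
    return {
        "whole_message_flagged": whole >= threshold,
        "windowed_flagged": worst >= threshold,
        # A dense suspicious region inside a mostly bland body is itself a signal.
        "padding_suspected": worst >= threshold and worst >= 4 * whole,
    }

# Constructed sample messages.
LURE = ("Urgent: your invoice is overdue. Verify your login and password today "
        "or your account will be suspended.")
FILLER = "The river ran quietly past the old mill while the village slept. " * 200
PADDED = LURE + "\n\n" + FILLER

if __name__ == "__main__":
    for name, msg in (("lure only", LURE), ("lure + filler", PADDED)):
        print(name, round(ratio_score(msg), 4), round(window_score(msg), 4), classify(msg))
```

The padded message falls below the whole-message threshold yet is still flagged by the windowed score, and the large gap between the two scores marks it as likely padded.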
Why Northern Indiana businesses should care
Most of our regional clients—medical groups, manufacturers, accountants—already invested in modern email security. The mindset became, “the filter will catch it.” This new tactic shows:
- Automation isn’t enough. AI tools are valuable, but attackers study them too.
- Hybrid work expands the attack surface. Employees on home Wi-Fi might rely on personal devices where the corporate filter doesn’t apply.
- Compliance pressure is rising. FTC Safeguards, HIPAA, and CMMC all expect layered protection and proof of ongoing training.
An action plan for business owners
- Layer your defenses. Pair AI filtering with DNS filtering, attachment sandboxing, and identity-based controls (MFA, conditional access).
- Refresh user training. Show staff how to spot odd formatting, unusual requests, and generic sign-offs—even when the message breezes past technical controls.
- Run ongoing phishing simulations. Quarterly tests keep awareness high and give you metrics to show auditors and insurers.
- Audit remote access tools. Confirm ScreenConnect, AnyDesk, etc. are locked behind MFA and allowlists, so a single click doesn’t hand over the keys.
- Document the process. Written playbooks and evidence of layered controls are now table stakes when cyber insurance renewals or regulators ask questions.
How LecsIT helps
- Co-managed email security: We tune AI filters, sandboxing, and DMARC policies for your actual threat profile.
- Human-in-the-loop monitoring: Suspicious messages get escalated to our security desk before users even see them.
- Phishing drills + reporting: We run campaigns tailored to your departments and deliver board-ready metrics.
- Incident response readiness: If a click slips through, we quarantine the account, reset tokens, and collect forensics immediately.
Want to ensure your team isn’t the next phishing headline? Schedule a quick security review with LecsIT and we’ll map out the layered protections and user coaching your business needs.
About James Horvath

James Horvath has been helping businesses around the world overcome their technology problems since 2009. He leads LecsIT’s Midwest team to deliver secure, high-availability IT services for growing organizations.