1,400 Evasion Combinations — StrongestLayer

StrongestLayer Threat Research · December 2025 – February 2026

1,400 ways
attackers beat
your email security

We analyzed 5,000 phishing attacks that bypassed enterprise SEGs. Not one-trick attacks — a mature evasion ecosystem where attackers engineer multi-technique architectures to defeat the specific stack they're targeting.

4.11 avg. techniques per attack

34.7% score 7+/10 regex difficulty

130% increase from prior study

The Evasion Landscape

22 techniques. 5 categories. 1,400+ unique combinations.

Every evasion technique serves one of three roles: it shifts the attack channel, obfuscates the payload, or exploits human psychology. Attackers don't pick one—they stack them.

27.9%

Channel-Shifting

Moves the attack off the email plane entirely, rendering email-only detection structurally blind.

Phone Callback (TOAD) · QR Code · Voicemail Pivot

43.0%

URL Evasion

Launders malicious URLs through legitimate infrastructure or actively blocks automated scanning.

Legitimate Redirect · CAPTCHA Gate · Multi-hop Redirect · Encoded URL

20.3%

Content Evasion

Hosts payloads on trusted platforms with perfect reputation scores no SEG will block.

LOTS Hosting · PDF Attachment · Image-based Payload · Notification Spoofing

0.5%

Auth Evasion

Exploits authentication trust—OAuth tokens, SSO flows, and session hijacking.

Authentication Exploitation · Collaboration Platform Spoofing

65.5%

Social Engineering

Vocabulary identical to legitimate business communication. Detection cost exceeds miss cost.

Authority Impersonation · Domain Lookalike · Financial Lure · Brand Impersonation

Technique Stacking: The End of One-Trick Attacks

Only 9.1% of detections use a single technique or none. The average attack stacks 4.11 techniques simultaneously. 56.8% use four or more.

2.3%

0–1

6.8%

16.1%

18.0%

24.2%

18.5%

9.5%

4.6%

8–11

Techniques per detection · Pink bars = 5+ techniques (56.8% of all detections)

Source: StrongestLayer Threat Research · ~5,000 email-based threat detections · Dec 2025 – Feb 2026. All detections bypassed upstream SEGs.

The Headline Finding

The #1 attack family has no scannable payload

27.8%

TOAD — Telephone-Oriented Attack Delivery

More than 1 in 4 emails use a phone number as the payload. No URL. No attachment. No technically malicious content. A call center staffed by social engineers does the rest — outside the detection model email security was designed for.

TOAD showed a ~487% increase from December to January 2026 — a structural shift in how attackers deliver social engineering.

13.2%

Branded Financial Callback

Norton, McAfee, PayPal — specific dollar amounts feel transactional, not fabricated.

9.1%

Financial Callback (No Brand)

Generic payment themes. Harder for brand-matching rules to catch.

4.3%

Generic Callback

No financial or brand signals. Pure social engineering.

1.1%

Notification Callback

Mimics automated billing systems—format itself conveys authority.

TOAD categorization validated against published research from Proofpoint, Trustwave SpiderLabs, Intel 471, and Cisco Talos.

How It Works

The three-layer evasion architecture

The most sophisticated attacks construct a layered architecture where each layer defeats a different detection capability. The combination creates a detection gap that compounds multiplicatively.

Trusted Delivery

Email arrives through legitimate infrastructure — SendGrid, Google Calendar, SharePoint links, or google.com redirects.

Reputation-based filtering defeated. Perfect reputation scores no SEG will block.

Anti-Scanner

Payload protected by CAPTCHA gates, encoded in QR codes inside PDFs, or delivered as image-based payloads.

Sandbox analysis defeated. SEG follows the URL, hits a CAPTCHA, and marks it "clean."

Channel Shift

Exploitation moves off-email — to a phone call (TOAD), mobile device (QR), Teams meeting, or SMS.

Post-delivery remediation defeated. Damage occurs in a channel the SEG cannot monitor.

35.9% of all detections fall into structural blind spots — attack categories where SEG detection is not merely difficult but architecturally impossible within an email-text-scanning paradigm. TOAD accounts for 27.8%, QR Code attacks for 6.0%, and Voice Channel Shift for 2.1%.

The Taxonomy

Attack families ranked by evasion strategy

Classified by primary evasion strategy, not raw technique count. A TOAD attack with 2 techniques is harder for a SEG to detect than a redirect chain with 6, because the TOAD payload is structurally unblockable.

Super-Family	% of Total	SEG Detection Difficulty
TOAD / Phone Callback	27.8%	Structural blind spot
Redirect Chain Families	27.4%	Hard (evasion-dependent)
Legitimate Infrastructure (LOTS)	16.7%	Hard (reputation-laundered)
Social Engineering Pure-Play	14.0%	Medium-hard (high FP cost)
QR Code Attack Families	6.0%	Structural blind spot
Voice Channel Shift	2.1%	Structural blind spot
Content Evasion	2.0%	Medium
Collaboration Platform Spoofing	0.7%	Hard
Authentication Exploitation	0.5%	Very hard

Platform-Specific Evasion

Attackers adapt to your security stack

Evasion profiles are not random. Microsoft environments face image-based payload attacks; Google Workspace faces notification spoofing and voicemail pivots. Attackers are optimizing for the detection gaps of specific platform architectures.

Microsoft Environments

QR Code11–53%

PDF Attachment21–43%

Multi-hop Redirect17–48%

CAPTCHA Gate15–38%

Legitimate Redirect37–60%

Notification Spoofing25–44%

Google Workspace

Notification Spoofing31–59%

Authority Impersonation78–82%

Domain Lookalike66–77%

Legitimate Redirect37–66%

CAPTCHA Gate15–44%

Voicemail Pivot10–34%

The Platform Divide: Microsoft faces image-based attacks — QR codes up to 53%, PDF attachments up to 43%. Google Workspace faces spoofed notifications up to 59%, voicemail pivots up to 34%. Attackers adapt evasion profiles to each platform's architecture.

Ranges reflect variation across environments. Sample sizes are small; patterns are directional.

🔒

Unlock the Campaign Walkthroughs & Detection Analysis

How 5 real attack campaigns defeat each layer of email security — plus detection gap analysis, EDR limitations, and defense implications.

What's below: 5 campaign walkthroughs · Detection tier analysis · Why EDR doesn't close the gap · DocuSign-SendGrid nexus · Defense implications

Campaign Intelligence

How these attacks actually work

Anonymized real detections. Each shows how technique combinations defeat detection at each stage of the email security pipeline.

Cluster #1 Difficulty 7/10

The Canonical TOAD Attack

Authority + Brand + Domain Lookalike + Financial Lure + Phone Callback · 5 techniques · 3.4% of detections

An email from "Sandra" at Outlook.com. Subject: "welcome." Body claims to be PayPal: "Your account has been upgraded. A charge of $249.99 has been applied. Call (XXX) XXX-XXXX immediately if you did not authorize this."

Stage	What Happens	Why Detection Fails
Delivery	Email from webmail with PayPal branding, financial language, and a phone number.	No URL or attachment to scan. PayPal branding appears in millions of legitimate emails.
Trust	PayPal logo, color scheme, legal footer. Specific dollar amount and "business account upgrade" framing.	Brand-matching requires visual analysis. The dollar amount feels transactional, not fabricated.
Exploitation	Victim calls the number. Call center performs credential harvesting or gift card fraud.	The attack is over the phone — no email security monitors calls. Remediation cannot undo a completed call.

Family 4A 53% QR rate in MS Basic

The QR Triple Stack

QR Code + PDF Attachment + CAPTCHA Gate · 1.5% of detections · Concentrated against Microsoft Basic

An email from "internal HR" with subject "[COMPANY] December Bonus" contains a PDF with a QR code leading to a CAPTCHA-gated credential harvesting page.

Stage	What Happens	Why Detection Fails
Delivery	HR/payroll-themed email with a PDF attachment. No URL in the email body.	No malicious URL text for regex to match. PDF is a legitimate business document format.
Payload	QR code embedded as an image inside the PDF. Encodes a URL to a credential harvesting page.	The URL is encoded in pixels inside an image — requires OCR, computer vision, and QR decoding.
Gate	CAPTCHA blocks automated analysis of the decoded URL.	The SEG sandbox hits the CAPTCHA and cannot proceed. URL is marked "clean."
Exploitation	Victim scans QR on personal mobile, completes CAPTCHA, enters credentials.	Mobile device is outside enterprise security monitoring. Exploitation occurs on an unmanaged device.

Cluster #4 48% penetration vs MS E3

The Multi-hop Redirect Chain

Authority Impersonation + Legitimate Redirect + Multi-hop Redirect · 1.3% of detections

An email arrives advertising weight loss medication, redirecting through tracksmo.store → frametwistnine.com → final harvesting page. Each hop passes reputation checks individually. The intermediate redirect returns a benign page at scan-time, switching to the malicious page at click-time.

Stage	What Happens	Why Detection Fails
Delivery	Email with embedded URLs through legitimate redirect infrastructure.	First-hop URLs pass reputation checks via trusted redirect endpoints.
Evasion	3+ redirect hops exceed scanner recursion depth. Returns benign page when scanned, malicious at click-time.	SEG scanners follow 1–2 redirects. 3+ hop chains defeat time-of-click rewriting.
Exploitation	Credential harvesting page that only activates after the scan window closes.	Safe Links' 48% E3 penetration suggests attackers engineer redirect chains to evade time-of-click rewriting.

Cluster #10

The Internal Impersonation Attack

Authority Impersonation + Domain Lookalike + Legitimate Redirect · 1.0% of detections

An email arrives from dsmgroup.cl with subject "[COMPANY-B] Please confirm your account Verification." The sender shows the target company's name. A "Continue" button redirects through multiple domains to navco.in, a credential harvesting page.

Stage	What Happens	Why Detection Fails
Trust	Sender name matches the victim's own company. Subject references account verification — a routine IT workflow.	Completely plausible. The only signal is sender-name vs. sender-domain mismatch.
Evasion	Multiple redirect hops through different domains before reaching the harvesting page.	Sender-brand correlation is contextual intelligence most SEGs don't perform.

Cluster #3 6 techniques

The Fully-Loaded Notification TOAD

Authority + Brand + Domain Lookalike + Financial Lure + Notification Spoofing + Phone Callback · 1.8% of detections

Subject: "The $349.74 USD order is currently being activated." Sender: "Segundo B" from colegiodonvasco.edu.mx. The email is a Norton billing notification with order number, transaction ID, and a callback number.

Stage	What Happens	Why Detection Fails
Trust	Automated system notification format. Order numbers and transaction IDs add bureaucratic credibility.	Recipients are conditioned to trust automated notifications from hundreds of legitimate services. The fake notification format also provides cover for unusual formatting.
Evasion	Educational domain (.edu.mx) claiming to be Norton. No brand-matching logic connects them.	Connecting an .edu.mx domain to a Norton billing alert requires sender-brand correlation most SEGs don't perform.
Exploitation	Phone callback to the provided number leads to social engineering.	Same TOAD structural blind spot. The attack exits email before any harm occurs.

Where Email Security Cannot Follow

Three tiers of architectural limitation

35.9%

Structurally Impossible

These attacks move the malicious action off the email plane entirely. No email-centric security solution can detect, block, or remediate the harm because it occurs in a channel the SEG cannot monitor.

TOAD (27.8%) · QR Code (6.0%) · Voice Channel Shift (2.1%)

~20%

Practically Defeated

CAPTCHA-gated attacks across all families. The SEG sandbox encounters the CAPTCHA and cannot proceed — the attacker is detecting the detector and blocking it.

CAPTCHA gates across all attack families

~44%

Prohibitive False Positive Cost

Legitimate Redirect Abuse (43.0%), Financial Lure (44.1%), Authority Impersonation (65.5%). These techniques succeed because their vocabulary is identical to legitimate business communication. Detection cost exceeds miss cost.

Blocking "invoice" + "payment" would paralyze accounts payable

Why Endpoint Detection Doesn't Close the Gap

EDR products — Microsoft Defender for Endpoint, CrowdStrike Falcon, SentinelOne — detect malicious code execution on managed endpoints. The evasion patterns here are engineered to avoid the endpoint entirely.

TOAD: Never Touches the Endpoint

The victim calls a phone number. Credential harvesting, remote access installation, gift card fraud — all happen over the phone. EDR sees nothing: no file execution, no process creation, no network indicator of compromise. When the attacker later uses stolen credentials, the authentication happens against cloud services, not on the endpoint.

QR Codes: Unmanaged Devices

QR code attacks (up to 53% in Microsoft environments) shift exploitation to personal smartphones. EDR sees the PDF opened — it cannot see the phone scanning the QR code, navigating the CAPTCHA, or entering credentials on an unmanaged device.

The Detection Stack Gap: Email security operates at the gateway. EDR operates at the endpoint. These evasion patterns exploit the gap — passing through the gateway without a signal, then executing through channels (calls, personal devices, browser sessions) the endpoint cannot monitor. TOAD growth at 27.8% is an explicit attacker shift away from the endpoint.

The DocuSign-SendGrid Nexus

DocuSign at 24.8% is now the most impersonated brand. Attackers use the same SendGrid infrastructure as real DocuSign — structurally indistinguishable at the email header level.

Brand Ecosystem	% of Total
DocuSign	24.8%
Microsoft	11.7%
Google	10.7%
Norton/McAfee/Geek Squad	10.6%
SendGrid	8.2%
PayPal	5.9%
Amazon/AWS	5.9%
Meta/Facebook	5.4%
Shipping (USPS/UPS/FedEx/DHL)	3.6%

66.2% of all detections reference an identifiable brand.

The Implication

If attackers evolved, so must detection

Attackers — Before

Single-technique attacks

● One phishing link per email

● Detectable by URL scanning

● Blocked by reputation filters

→

Attackers — Now

Personalized kill chains

★ 4.11 techniques per attack, stacked by design

★ Platform-specific evasion profiles

★ 35.9% in structural blind spots

Defenders — Before

Context-less alerts

● Pattern-matched flags

● No cross-signal correlation

● Single-layer scanning

→

Defenders — Now

Full kill chain reasoning

★ Fully identified and reasoned cases

★ Complete kill chain analysis per email

★ Semantic understanding, not pattern matching

They went from single techniques to personalized kill chains. We went from context-less alerts to fully reasoned cases with complete kill chain analysis.

What You Can Do About It

See what's getting past your email security

This research is based on real enterprise environments. The evasion patterns hitting your organization are specific to your platform, your SEG, and your industry.

Threat Briefing

Walk your security team through the full findings. We'll present the research, answer questions, and map it to your environment — 30 minutes, no commitment.

Book a Threat Briefing →

Threat Assessment

See what evasion patterns are getting past your current email security. We'll run a proof-of-concept against your live traffic and show you your specific blind spots.

Request a Threat Assessment →

StrongestLayer Threat Research Team

Evasion Technique Combinations in Enterprise Phishing Campaigns · February 2026

1,400 ways attackers beat your email security

22 techniques. 5 categories. 1,400+ unique combinations.

Technique Stacking: The End of One-Trick Attacks

The #1 attack family has no scannable payload

The three-layer evasion architecture

Attack families ranked by evasion strategy

Attackers adapt to your security stack

Unlock the Campaign Walkthroughs & Detection Analysis

How these attacks actually work

Three tiers of architectural limitation

Why Endpoint Detection Doesn't Close the Gap

TOAD: Never Touches the Endpoint

QR Codes: Unmanaged Devices

The DocuSign-SendGrid Nexus

If attackers evolved, so must detection

See what's getting past your email security

Threat Briefing

Threat Assessment

Don’t let legacy tools leave you exposed.

1,400 ways
attackers beat
your email security