--- title: "What Happens When a Phishing Email Isn’t? | Phish Protection" description: "Everyone" image: "https://phishprotection.com/og/blog/what-happens-when-a-phishing-email-isnt.png" canonical: "https://phishprotection.com/blog/what-happens-when-a-phishing-email-isnt/" --- Quick Answer Everyone's on the lookout for phishing emails today (or if they're not, they should be). \_Some people are on high alert and are really good at spotting them. Are you?\_ Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-happens-when-a-phishing-email-isnt%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=What%20Happens%20When%20a%20Phishing%20Email%20Isn%26%238217%3Bt%3F&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-happens-when-a-phishing-email-isnt%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-happens-when-a-phishing-email-isnt%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-happens-when-a-phishing-email-isnt%2F&title=What%20Happens%20When%20a%20Phishing%20Email%20Isn%26%238217%3Bt%3F "Share on Reddit") [ ](mailto:?subject=What%20Happens%20When%20a%20Phishing%20Email%20Isn%26%238217%3Bt%3F&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-happens-when-a-phishing-email-isnt%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/11/anti-phishing-service-2311.jpg) Everyone’s on the lookout for phishing emails today (or if they’re not, they should be). _Some people are on high alert and are really good at spotting them. Are you?_ What if you received an email that you were convinced was a **phishing email**, with all the telltale signs, but it wasn’t? That’s exactly what happened to customers of[ TriNet](https://www.trinet.com/), one of the largest outsourced human resources providers in the United States, primarily for small-to-medium-sized businesses. TriNet sent an email to their customers’ remote employees and unintentionally crafted the email in such a way that it looked very much like a phishing email. So much so, that most experts who looked at it could not be sure it was 100% safe. According to the employees at[ TechCrunch](https://techcrunch.com/2019/11/17/trinet-email/) who analyzed the email, “_There were more red flags than we could count_.” From an article on[ SC Magazine](https://www.scmagazine.com/home/security-news/phishing/report-genuine-hr-emails-trigger-suspicions-after-accidentally-using-common-phishing-tricks/?utm%5Fsource=newsletter&utm%5Fmedium=email&utm%5Fcampaign=SCUS%5FNewswire%5F20191126&hmSubId=01xQvtS0ero1&email%5Fhash=0da939dab246e8101d6090def505f6f5&mpweb=1325-11327-1896988), the red flags included the following: ![Anti phishing service](https://media.mailhop.org/phishprotection/images/2019/11/anti-phishing-service-2311.jpg) - The TriNet logo in the email was hosted on the image-hosting site Imgur instead of the company’s own website, _a trick spammers use to avoid detection_. - The email contained a link to a web page with an entirely different domain than TriNet’s home page, and with minimal content or imagery to suggest that the page was even affiliated with TriNet. This made it seem as if users were being rerouted in a **DNS hijack attack**. - A subdomain used in the email had been set only weeks earlier, suggesting that a malicious actor may have recently registered the URL in order to launch a new campaign. - TriNet reportedly does not enforce the **DMARC policy** on its domain name, which would make it easy for hackers to spoof the company’s emails and create something that looked similar to the email in question. When it comes to phishing, we ask a really important question: _how do we keep the phishing emails out?_ But, now we have another important question: how do we simultaneously make sure we let the **non-phishing email** through, even when they look suspicious? It just so happens that the answer to both questions is the same. With [phishing prevention software](/products/advanced-threat-defense/). **Cloud-based phishing prevention** software, like that from[ Phish Protection](/), is designed to keep phishing emails out of inboxes. And even in cases where phishing emails get through, _Phish Protection renders them harmless with **real-time link click protection**_. ![Prevent spear phishing](https://media.mailhop.org/phishprotection/images/2019/11/prevent-spear-phishing-2371.jpg) Phish Protection works by looking at the underlying code of the email, as well as the underlying code and reputation of every domain a link in that email points to. In doing so, not only does it identify phishing sites, but as a byproduct of its investigation, it lets non-phishing email through, even when they look suspicious. > _You could say Phish Protection provides two services: it doesn’t get fooled by phishing emails and it doesn’t get fooled by suspicious non-phishing emails._ When you’re ready to protect your employees from phishing emails while simultaneously giving them the confidence that emails in their inbox are safe no matter what, head on over to [PhishProtection.com](/) Phish Protection works with all email providers, _sets up in minutes, comes with 24/7 live technical support and only costs pennies per employee per month_. Try it for free for 30 days. ## Topics [ Phishing ](/tags/phishing/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 4m 13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[ Foundational 4m All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[ Foundational 4m 2021 Phishing Trends You Need To Be Wary Of Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"What Happens When a Phishing Email Isn’t?","description":"Everyone's on the lookout for phishing emails today (or if they're not, they should be). Some people are on high alert and are really good at spotting them.","url":"https://phishprotection.com/blog/what-happens-when-a-phishing-email-isnt/","datePublished":"2019-11-28T11:46:54.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-11-28T11:46:54.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/what-happens-when-a-phishing-email-isnt/"},"articleSection":"foundational","keywords":"Phishing","wordCount":550,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/11/anti-phishing-service-2311.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"What Happens When a Phishing Email Isn’t?","item":"https://phishprotection.com/blog/what-happens-when-a-phishing-email-isnt/"}]} ```