Machines Catch Yesterday’s Scams, Humans Stop Tomorrow’s

Email is still the front door for attackers. And the door is wide open. 

Scammers now use the same tools defenders do. A bad actor with access to a large language model can generate flawless English, craft convincing requests, and sound exactly like a colleague or supplier. The result: emails that slip past traditional filters with ease. 

“By the time blocking rules and security have been built up around a threat, attackers have cashed out, moved onto a new scam, and the cycle repeats,” says Zachary Travis, Security Operations Manager at Fortra.  

The problem is not that filters are weak. It is that filters are reactive. They stop what we already know. 

What Machines Do Best 

Machines are unmatched at scale. Filters can sift through millions of messages in seconds. Regex rules can catch familiar patterns. AI-driven tools can spot known indicators of compromise (URLs, domains, malicious payloads) and block them before they touch an inbox. 

Travis explains: “Analysis of such emails is mostly routine. The sender's email address and domain are heavily analyzed for legitimacy, the content of the subject and body is used to decide on a scam classification, and any IOCs are logged and used to improve filtering and blocking.” 

This routine matters. It clears the noise. It ensures most spam and known attacks never reach a human eye. But machines have a limit. They are good at yesterday. Tomorrow is harder. 

What Humans Do Best 

Scammers adapt. They hide payloads in nested attachments. They use base64 to bury code. They obfuscate links until the malicious intent is invisible to filters. Something as simple as a timestamp in a subject line can be enough to bypass automation. 

That is where humans come in. 

Analysts see what machines cannot. They notice tone, urgency, or requests that feel out of place. They read between the lines. They can recognize the signs of a “Docu-phish” or a Business Email Compromise attempt that looks perfectly ordinary to a filter. 

“A skilled analyst can dissect an email, recognize subtle patterns, and feed that intelligence back into security systems,” says Travis. This feedback loop matters. Humans don’t just block threats. They strengthen the machine. 

How Scammers Exploit Gaps 

Attackers know defenses are layered. So they work both sides. 

On the machine side, they use tricks to evade filters: randomized subject lines, hidden code, obfuscated payloads. On the human side, they use pressure: authority, trust, and urgency. They want the employee to act before thinking. 

That is why neither machines nor humans are enough alone. Each is strong where the other is weak. 

A Layered Defense 

The future is not machine versus human. It is machine and human. 

Filters and automation give scale. They block the bulk of routine attacks. Analysts provide adaptability, context, and foresight. And employees (if trained) serve as the last line of defense. 

Travis is clear: “Traditional email security measures can’t account for 100% of threats, and the use of AI to create convincing scam emails has changed the game.” Which is why organizations must build layers. Filters, analysis, and awareness together. 

Employee training is not an afterthought. It is how companies build what many call the “human firewall.” Staff who know what urgency scams look like. Who pause before sending sensitive data. Who report suspicious emails instead of clicking. 

The Way Forward 

The lesson is simple. Machines catch yesterday’s scams. Humans stop tomorrow’s. 

No one can predict the exact form the next scam will take. “Is it possible to predict what the next threat style will be and stay ahead of scammers? No, probably not with 100% accuracy,” admits Travis. But defenders can prepare. They can study past threats. They can learn the common elements of a scam: urgency, unfamiliar senders, overly friendly subjects, and train people to see them. 

The attackers will not slow down. Their tools will only get better. The answer is not to abandon machines, nor to rely on humans alone. The answer is to blend both, in a defense that adapts as quickly as the threats evolve. 

That is the only way to stay ahead.