Fluent Prose: The Phishing Technique Security Training Ignores
Early findings from Threat Terminal show that phishing emails with no urgency, no threats, and no red flags bypass humans at roughly three times the rate of credential harvesting. Security training has the emphasis backwards.
The early data from Threat Terminal is starting to tell a story I did not expect.
The technique with the highest bypass rate is not urgency. It is not authority impersonation. It is not hyper-personalization. It is fluent prose: phishing emails that read like perfectly normal business communication. No time pressure. No threats. No obvious manipulation. Just a well-constructed email that happens to be malicious.
The technique with the lowest bypass rate is credential harvesting, the one security awareness training spends the most time on.
The gap between them is roughly three to one.
What the data shows so far
A few important caveats before I go further. The dataset currently has around 700 responses from roughly 46 participants. That is enough to see patterns but not enough to make strong statistical claims. Data collection is ongoing and the sample is self-selected: people who voluntarily play a phishing detection game are more security-aware than the general population. These are early findings, not conclusions.
With that said, the pattern is consistent enough to be worth discussing.
Fluent prose phishing bypasses participants at the highest rate of any technique in the study. Credential harvesting, where the email directs the recipient to a fake login page, produces the lowest bypass rate. The techniques that security training focuses on most heavily are the ones people are already best at catching. The technique that training barely mentions is the one people miss most often.
Why fluent prose works
This makes sense when you think about how detection actually works. People look for signals that something is wrong. Urgency is a signal. A request for credentials is a signal. An impersonated authority figure is a signal. Security training teaches you to look for exactly these patterns, and the data suggests it works. People catch them.
Fluent prose has no signal. The email reads like something a colleague or vendor would actually send. There is no manipulation mechanism to detect because the manipulation is the absence of detectable manipulation. The email survives every heuristic that training teaches you to apply.
This is also reflected in the decision timing data. Players take the longest to reach a verdict on fluent prose cards and the shortest on credential harvesting. People know what credential harvesting looks like. Fluent prose makes them hesitate, and hesitation correlates with errors.
The confidence problem
One of the more interesting secondary findings is confidence calibration. Players who report high confidence in their answers are, in fact, more accurate than those who report low confidence. That part works as expected. But the gap is not as large as people think. Being confident makes you more likely to be right. It does not make you immune to being wrong.
This matters because fluent prose is exactly the category where overconfidence is most dangerous. If an email looks completely normal and you feel certain it is legitimate, you are going to act on it. There is no moment of hesitation where a second look might save you. The miss is invisible.
The auth trap
There is another finding worth mentioning briefly. Some phishing emails in the dataset have fully passing authentication headers: SPF, DKIM, and DMARC all show PASS. This is realistic. An attacker who registers a lookalike domain and sets up proper DNS records will produce emails that pass every authentication check. About one in five players who encounter these cards trust the green checkmarks and classify the email as legitimate.
This is a different problem from fluent prose, but it compounds it. An email that reads like normal business communication and passes all authentication checks has almost nothing left for the recipient to flag. The technical signals say it is real. The linguistic signals say it is real. What is left?
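One way a defender can turn this into a check, as an added example that is not part of the original post or the Threat Terminal project: parse the Authentication-Results header and ask not only "did SPF/DKIM/DMARC pass?" but "pass for which domain, and is that a domain we actually expect mail from?" The sample message and the allowlist of known domains are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the article): a lookalike-domain message whose
# SPF, DKIM and DMARC all PASS because the sender controls that domain's DNS.
SAMPLE_PHISH = """From: Accounts Payable <ap@examp1e-corp.com>
To: finance@example.com
Subject: Updated remittance details
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=examp1e-corp.com;
 dkim=pass header.d=examp1e-corp.com;
 dmarc=pass header.from=examp1e-corp.com

Hi, please use the attached bank details for this month's invoices.
"""

# Assumed allowlist: domains this organisation actually corresponds with.
KNOWN_DOMAINS = {"example-corp.com", "example.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between two domains suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(raw: str, known=KNOWN_DOMAINS) -> dict:
    """Report the auth results together with whether the authenticated From domain
    is known, unknown, or a near-miss of a known domain (the green-checkmark trap)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ar = " ".join(msg.get_all("Authentication-Results", []))
    results = {}
    for mech in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{mech}=(\w+)", ar)
        results[mech] = found.group(1).lower() if found else "none"
    all_pass = all(v == "pass" for v in results.values())
    if from_domain in known:
        verdict = "known-domain" if all_pass else "known-domain-auth-failed"
    else:
        nearest = min(known, key=lambda d: edit_distance(from_domain, d))
        # Authentication passed, but for a domain one or two edits away from a real partner.
        lookalike = 0 < edit_distance(from_domain, nearest) <= 2
        verdict = "lookalike-domain" if lookalike else "unknown-domain"
    return {"from_domain": from_domain, "auth": results, "all_pass": all_pass, "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE_PHISH))
```

The point is that "all_pass" is true and the verdict is still "lookalike-domain": authentication tells you the mail came from the domain it claims, not that the domain is one you trust.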
What this means for training
Security awareness training is, by the data so far, optimized for the wrong threat. It spends the most time on the technique people are already best at detecting and almost no time on the technique that actually bypasses them.
This does not mean credential harvesting training is useless. A 7% bypass rate is not zero, and in a large organization that still represents real risk. But if you have a limited training budget and limited employee attention, you are spending it on the problem that is already mostly solved while ignoring the one that is three times worse.
The harder question is what fluent prose training would even look like. You cannot teach people to spot a red flag that does not exist. The defense against fluent prose is not pattern matching. It is process: verifying requests through a second channel, questioning emails that ask for action even when they look legitimate, treating "this seems fine" as insufficient reason to comply.
That is a fundamentally different kind of training. It requires shifting from "spot the bad email" to "verify before you act, even when nothing looks wrong." Most organizations are not there yet.
Where this is going
These findings are preliminary. The sample needs to grow before the technique-level comparisons can support strong claims, and there are confounds I have not fully addressed. Players review emails as a neutral third party, which changes the dynamics of certain techniques. The dataset is AI-generated, which constrains how realistic some scenarios can be.
But the direction of the data is clear enough to be worth sharing now. If fluent prose continues to produce the highest bypass rate as the sample grows, it has implications for how organizations prioritize their phishing defenses. The threat that looks like nothing is harder to fight than the threat that looks like something.
Data collection is ongoing. The live findings update at research.scottaltiparmak.com/intel as responses come in.
Play Threat Terminal to contribute to the dataset.