What we know and have trained users about phishing attacks has changed. Old methods no longer apply.
IT teams have deployed filters and taught our users to detect phishing attacks by scanning for suspcious URLs, spoofed login pages, and unrecognized senders. We've told poeple to change passwords, turn on two factor authentication and watch for suspicious logins.
None of these methods can defend against the next generation of automated, malicious API-based phishing attacks that are invisible to users and unmonitored by SaaS.