820 - Avanan Email Security - End User Guide: Smart Banners & Warning Banners


Document Owner: Damian Stalls
Backup Owner: Josh Miller
Last Verified: 2026-05-19


OVERVIEW

Avanan Email Security may add banners to emails to help you identify suspicious patterns and reduce the risk of phishing and fraud. Banners do not mean an email is definitely malicious, but they are a signal to slow down and verify before taking action.


PURPOSE

  • Explain what Smart Banners and Warning Banners are
  • Explain how to respond safely when you see banners
  • Show common banner examples and what they mean

WHO THIS IS FOR

  • All end users who send and receive email
  • Users who see banners such as payment change requests, invoice warnings, or spoofing indicators

WHAT TO DO

Step 1: Identify the banner type

  • Smart Banners are informational banners added to emails that were allowed through but contain patterns that commonly appear in fraud or phishing attempts.
  • Warning Banners are risk-oriented banners used when the message is allowed through but has attributes that could be dangerous (for example, suspected phishing indicators or risky attachments).

Step 2: Follow safe actions when a banner is present

  • Do not rush. Banners are designed to interrupt “urgent” fraud attempts.
  • Verify requests using a trusted method. For payments, banking changes, payroll updates, or invoice requests, verify using a known phone number or an existing trusted thread.
  • Do not open attachments you weren’t expecting. If unsure, contact support before opening.
  • Do not click links if the request is unexpected. If it’s a login/payment request, navigate manually to the known site or contact support.

Step 3: Smart Banners (what they mean)

Smart Banners are designed to make users cyber-aware and encourage safe behavior, especially for financial or identity-based requests.

Notes about Smart Banners

  • Smart Banners are not added to allow-listed emails.
  • When multiple banners apply, the highest severity banner is used.
  • Some Smart Banners apply only to emails written in English (examples include payment details updates, invoices from new vendors, payroll update requests, and invoice/PO emails).

Smart Banner Examples

  • Business Email Compromise: Request to update payment details
    Requests from vendors to change their payment details
  • Sender resembles a real contact
    Sender resembles, but is not identical to, a known contact
  • Invoice from a new vendor
    Invoice received from a vendor you did not have contact with before
  • Payroll information update request
    External sender asks to update payroll details
  • Financial transaction requests: Payment request via payment service
  • Emails with Invoices / POs
  • Avoiding inspection: Emails with links to restricted resources
  • Reply-to domain recently created and different than sender
  • Sender name different than address
  • Sender SPF failed
  • Sender domain created recently
  • Incoming email from external sender
  • Impersonation: First-time sender
  • Impersonation: Sender resembles a person within the organization


Step 4: Warning Banners (what they mean)

Warning Banners may be used when a message is allowed through but has attributes that could be risky. These banners help you make safer decisions before interacting with the message.

Common Warning Banner types

  • Suspected phishing: message contains elements that may indicate phishing intent
  • Encrypted attachments: encrypted attachments are often used to evade scanning; open only if expected and verified
  • Password-protected attachments: may require a password for scanning; verify sender before providing any password

Warning Banner Examples

  • Suspected Phishing
  • Encrypted Attachments
  • Password Protected Attachments


WHEN TO CONTACT SUPPORT

  • You receive a banner on an email requesting payment changes, payroll changes, or urgent account updates
  • You are unsure whether an attachment is safe to open
  • You believe the sender is impersonating a known contact or vendor
  • You clicked a link and were redirected to a warning page

When contacting support, include the sender, subject, and a screenshot of the banner.


IMPORTANT GUIDELINES

  • Banners are a safety signal—slow down and verify.
  • Do not use contact details from the email when verifying payment or account-change requests.
  • If you are unsure, do not reply, do not click links, and do not open attachments until verified.

ALSO PUBLISHED AT

Support Portal (Knowledge Base): https://support.complete.net → Knowledge Base → Avanan Email Security
Public KB: https://help.complete.net/m/AvananEmailSecurity/