TL;DR: Email-based cyberattacks are getting more convincing by combining public data, executive impersonation, vendor spoofing, and malicious third-party integrations, according to Abnormal AI. The governance gap is not just email filtering but identity trust across human, vendor, and application channels.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams handle executive impersonation attempts in email workflows?
A: Security teams should never let email alone authorise high-risk actions.
Q: Why do vendor impersonation attacks bypass normal email controls?
A: They succeed because the attack exploits relationship trust, not just message delivery.
Practitioner guidance
- Harden executive request workflows: Require out-of-band verification for payment, credential, or policy exceptions that arrive by email, and do not allow inbox text alone to authorise high-risk actions.
- Map and restrict vendor-initiated workflows: Identify which suppliers can trigger approvals, invoice handling, or account changes through email, then add validation steps for those vendor paths.
- Review inbox-connected third-party applications: Inventory integrations that can read, send, or act on email, remove unused permissions, and treat persistent mailbox access as lifecycle-governed access.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- The specific email attack patterns the vendor highlights as most common in modern impersonation campaigns.
- Examples of how malicious third-party applications can observe inbox activity and what signals may reveal them.
- Practical guidance on stopping advanced email attacks before they reach sensitive workflows.
- The vendor's live demonstration and supporting material for teams evaluating email defence controls.
Email impersonation, vendor spoofing, and integration abuse: what teams miss?
Explore further
Email impersonation is now an identity governance problem, not just a spam problem. The article shows attackers combining executive context, vendor trust, and third-party integrations to bypass ordinary inbox controls. That makes the control question broader than filtering, because the real failure is the trust model behind the message. Practitioners should treat email as a governed identity channel, not a standalone security tool.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How do IAM teams reduce risk when email becomes a trust channel?
A: They should connect access governance to communication workflows. That means mapping which identities, vendors, and applications can initiate sensitive actions by email, then applying approval, verification, and review controls based on the business impact of those requests.