Phishing link prevalence: are your email controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Nearly 77% of email attacks contain a phishing link, according to Abnormal Security, reinforcing that phishing remains the primary delivery path for account compromise, credential theft, and downstream fraud. The control gap is not awareness alone but whether email, identity, and response workflows can detect and contain bait before users act.

NHIMG editorial — here’s why we think this discussion matters

By the numbers:

Questions worth separating out

Q: How should security teams reduce the risk of phishing links in email attacks?

A: Combine email filtering with identity controls that limit damage after a click.

Q: Why do phishing attacks remain effective even with secure email gateways?

A: Because gateways inspect messages, not human decisions or downstream identity behaviour.

Practitioner guidance

  • Strengthen post-click containment: Require step-up verification for risky logins, block session replay where possible, and trigger rapid token revocation when suspicious link activity is detected.
  • Tighten identity-linked alerting: Correlate phishing detections with new logins, consent grants, MFA fatigue events, and unusual mailbox forwarding so the response starts before lateral movement completes.
  • Reduce blast radius from compromised users: Limit where standard user accounts can authorize SaaS consent, administer sensitive apps, or trigger privileged workflows, and keep those paths separate from everyday email use.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • The attacker techniques behind phishing link campaigns and how they change over time
  • Why traditional email security tools miss a portion of malicious messages in real environments
  • The role of security awareness training in reducing successful clicks and speeding user reporting
  • What practitioners can do to protect organizations against phishing-driven identity compromise

👉 Watch Abnormal AI's webinar on phishing attacks and email security →

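One way to implement the correlation described under "Tighten identity-linked alerting" in the post above, as an added example that is not part of the original post or of any vendor's product. The event-type strings, the one-hour window, the escalation rule and the action labels are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Identity signals named in the guidance; the event-type strings are assumed names.
IDENTITY_SIGNALS = {"new_login", "consent_grant", "mfa_fatigue", "mailbox_forwarding"}
HIGH_RISK = {"consent_grant", "mailbox_forwarding"}  # assumed: persistence-style signals
WINDOW = timedelta(hours=1)                          # assumed correlation window

# Constructed sample events (timestamp, user, event type); not real telemetry.
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "phish_detected"),
    ("2024-05-01T09:04:00", "alice", "new_login"),
    ("2024-05-01T09:06:00", "alice", "consent_grant"),
    ("2024-05-01T09:10:00", "bob", "new_login"),             # no detection: ignored
    ("2024-05-01T10:00:00", "carol", "phish_detected"),
    ("2024-05-01T12:30:00", "carol", "mailbox_forwarding"),  # outside the window
    ("2024-05-01T11:00:00", "erin", "phish_detected"),
    ("2024-05-01T11:20:00", "erin", "new_login"),
]

def correlate(events, window=WINDOW):
    """Return one alert per phishing detection that is followed, for the same
    user and within `window`, by at least one identity signal."""
    parsed = sorted((datetime.fromisoformat(ts), user, kind) for ts, user, kind in events)
    alerts = []
    for det_ts, det_user, kind in parsed:
        if kind != "phish_detected":
            continue
        followups = [
            (ts, k) for ts, user, k in parsed
            if user == det_user and k in IDENTITY_SIGNALS and det_ts <= ts <= det_ts + window
        ]
        if not followups:
            continue
        signals = sorted({k for _, k in followups})
        # Assumed escalation rule: several signals, or any high-risk one, means
        # revoke sessions and tokens; a single lower-risk signal means step-up.
        high = len(signals) > 1 or bool(HIGH_RISK & set(signals))
        alerts.append({
            "user": det_user,
            "detected_at": det_ts.isoformat(),
            "signals": signals,
            "seconds_to_first_signal": int((followups[0][0] - det_ts).total_seconds()),
            "action": "revoke_sessions" if high else "step_up_auth",
        })
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The window is the tuning knob: too short misses slow follow-on activity such as carol's forwarding rule, too long ties unrelated logins to old detections.
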
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Phishing is still an identity governance failure, not just an email hygiene issue. The article's 77% figure reinforces that links remain the dominant delivery mechanism because the enterprise still relies on human judgement at the point of click. That means identity assurance, reporting speed, and post-click containment matter as much as inbox filtering. Practitioners should treat phishing as a lifecycle risk that spans identity, access, and response.

A few things that frame the scale:

  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging at 37% and over-privileged accounts at 37%.

A question worth separating out:

Q: Who is accountable when a phishing click leads to account compromise?

A: Accountability is shared across security, identity, and business owners because the failure usually spans message handling, authentication policy, and response speed. Strong programmes assign clear ownership for detection, containment, and user remediation so a click does not become a prolonged compromise.

👉 Read our full editorial: Phishing remains the primary email attack vector for enterprises



   