TL;DR: Secure email gateways (SEGs) struggle to detect modern socially engineered email attacks as cloud migration changes the threat model, according to Abnormal AI's webinar on how its detection approach combines identity, behaviour, and content analysis. The core issue is that email security still assumes static indicators (known-bad senders, links, and attachments) will catch attacks that now exploit trust, context, and user behaviour rather than malware.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
A: Security teams should treat the secure email gateway (SEG) as one layer, not the whole control stack.
Q: Why do cloud migrations make email social engineering harder to stop?
A: Cloud migrations spread trust across SaaS, identities, and delegated workflows, so a malicious message can look legitimate even when no malware is present.
Practitioner guidance
- Correlate mailbox alerts with identity signals. Route suspicious-email detections into identity workflows so analysts can check sender legitimacy, account status, recent behaviour, and prior relationship history before an action is approved.
- Baseline normal communication behaviour. Track reply chains, sending patterns, timing, and request frequency for high-risk roles and externally facing accounts so behavioural drift is visible before a message is trusted.
- Tighten governance around delegated requests. Require secondary verification for payment changes, credential resets, and approval requests that arrive through email, especially when they involve high-value identities or privileged workflows.
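The first two points above are detection logic, not just process, so here is a constructed toy that shows one way to implement them. This is an added example, not Abnormal AI's code or a description of its detection flow: it builds a per-recipient baseline (known senders, known sender domains, usual arrival hours) from a made-up mail log, then scores a new message for drift from that baseline together with request-type language and thread context. The mailbox, domains, timestamps, and the `REQUEST_TERMS` list are all invented for illustration.

```python
# Added example (constructed toy, not Abnormal AI's code or detection logic): build a per-
# recipient behavioural baseline from a mail log, then score a new message for drift from
# that baseline together with request-type language. The mail log and names are made up.
from collections import defaultdict
from datetime import datetime

# Constructed history for one finance mailbox: (sender, recipient, ISO timestamp, subject, is_reply)
MAIL_LOG = [
    ("ap@acme-supplies.com", "finance@example.org", "2024-03-04T09:15", "Invoice 1042", False),
    ("ap@acme-supplies.com", "finance@example.org", "2024-03-11T10:02", "Invoice 1047", False),
    ("cfo@example.org",      "finance@example.org", "2024-03-12T14:30", "Q1 forecast", True),
    ("ap@acme-supplies.com", "finance@example.org", "2024-03-18T09:48", "Invoice 1051", False),
    ("cfo@example.org",      "finance@example.org", "2024-03-20T16:05", "Re: Q1 forecast", True),
]

# Phrases that turn an ordinary message into a request worth independent verification.
REQUEST_TERMS = ("bank details", "wire", "payment", "account number", "reset", "urgent")


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used to catch lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def build_baseline(log):
    """Per recipient: senders and domains seen before, and the hours at which mail normally arrives."""
    base = defaultdict(lambda: {"senders": set(), "domains": set(), "hours": []})
    for sender, rcpt, ts, _subject, _is_reply in log:
        entry = base[rcpt.lower()]
        entry["senders"].add(sender.lower())
        entry["domains"].add(domain_of(sender))
        entry["hours"].append(datetime.fromisoformat(ts).hour)
    return base


def score_message(sender, rcpt, ts, subject, is_reply, baseline):
    """Return (score, reasons). Score 0 means the message matches the recipient's normal traffic."""
    score, reasons = 0, []
    sender, rcpt = sender.lower(), rcpt.lower()
    entry = baseline.get(rcpt)

    if entry is None:
        score += 1
        reasons.append("no baseline for recipient; relationship unverified")
    else:
        if sender not in entry["senders"]:
            score += 2
            reasons.append("first contact from this sender")
            dom = domain_of(sender)
            if dom not in entry["domains"]:
                lookalike = [d for d in entry["domains"] if 0 < levenshtein(dom, d) <= 2]
                if lookalike:
                    score += 3
                    reasons.append(f"sender domain {dom} is a lookalike of known {lookalike[0]}")
                else:
                    score += 1
                    reasons.append("sender domain never seen by this recipient")
        hour = datetime.fromisoformat(ts).hour
        lo, hi = min(entry["hours"]), max(entry["hours"])
        if not lo <= hour <= hi:
            score += 1
            reasons.append(f"arrived at {hour:02d}:00, outside usual {lo:02d}:00-{hi:02d}:00 window")

    hits = [t for t in REQUEST_TERMS if t in subject.lower()]
    if hits:
        score += 2
        reasons.append("request language: " + ", ".join(hits))
        if not is_reply:
            score += 1  # a sensitive ask that starts a new thread rather than continuing one
            reasons.append("request opens a new thread instead of continuing an existing one")
    return score, reasons


# Two constructed test messages: a routine invoice and a lookalike-domain payment-change ask.
ROUTINE = ("ap@acme-supplies.com", "finance@example.org", "2024-03-25T09:30", "Invoice 1056", False)
SUSPECT = ("ap@acme-supp1ies.com", "finance@example.org", "2024-03-22T19:40",
           "Urgent: updated bank details for payment", False)

if __name__ == "__main__":
    baseline = build_baseline(MAIL_LOG)
    for msg in (ROUTINE, SUSPECT):
        score, reasons = score_message(*msg, baseline)
        print(f"{msg[0]} -> score {score}: {'; '.join(reasons) or 'matches baseline'}")
```

The point of the toy is the shape of the signals, not the weights: the routine invoice scores 0 because the sender, domain and arrival time all match what this mailbox has seen before, while the lookalike message accumulates first-contact, lookalike-domain, off-hours and new-thread-request reasons. In practice the `reasons` list is what you would hand to the identity workflow described in the first bullet, so an analyst can check the sender's account status and relationship history before anyone acts on the request.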
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- A guided walkthrough of the platform features used to detect socially engineered email attacks in practice
- The full explanation of how identity, behaviour, and content analysis are combined in the detection flow
- Examples of the attack types secure email gateways struggle to block in cloud-first environments
- The webinar recording and demo context that shows how the vendor positions its email security workflow
👉 Watch Abnormal AI's on-demand webinar on blocking socially engineered attacks →
Socially engineered email attacks: what legacy controls miss
Explore further
Legacy email filtering is no longer the control boundary for social engineering. The article shows that secure email gateways struggle when attacks are personalised, cloud-aware, and context-driven, and carry no malicious payload for a filter to match. The effective boundary has therefore moved from message inspection to identity trust and behavioural consistency. Practitioners should stop treating inbox filtering as the definitive email security control.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- A separate finding from the same research shows that only 1.5 in 10 organisations (15%) are highly confident in their ability to secure NHIs.
A question worth separating out:
Q: How can organisations reduce the risk of request-based fraud through email?
A: Organisations should require extra verification for sensitive requests that arrive by email, especially when they involve money movement, credential changes, or privilege escalation. The key is to make the approval path depend on independent identity checks, not just on the email thread. That reduces the chance that a believable message becomes an authorised action.
👉 Read our full editorial: Legacy email security fails against socially engineered attacks