The Shared Link Is the Vulnerability

Why the way businesses share documents and messages is built on a model that was broken from the start

You receive an email. A document is ready for your review. Click here to access it.

You’ve seen this hundreds of times. From your accountant, your solicitor, your bank, your clients. A link. A deadline. A request to click.

Now ask yourself: how do you know that link is legitimate?

The honest answer, in most cases, is that you don’t. You recognise the sender name. The branding looks right. The context makes sense. So you click.

This is not a failure of judgement. It is a failure of the model. The shared link — the mechanism that almost every business uses to share documents with external parties — is structurally indistinguishable from a phishing attack. That is not a flaw in how links are used. It is a flaw in what links are.

Four Problems With Links That Nobody Talks About

The phishing risk is the most visible problem. It is not the only one.

  • Links expire — or don’t — Expiring links mean resent links, more emails, more clicks, and recipients in a hurried state of mind most vulnerable to a spoofed resend. Links that never expire are worse — a permanent door into your documents sitting in forwarded inboxes and archived threads you no longer control.
  • Links can be forwarded — When you send a document link to a client, you are sending it to an inbox, not a person. It can be forwarded to colleagues, personal accounts, or third parties you never consented to share with. The access you intended for one person becomes access for an unknown number of people on devices you cannot audit.
  • Links have no identity — A shared link does not know who is clicking it. It knows that someone with the link clicked it. Access controls based on links are based on possession of a URL — not on the verified identity of the person. If the link reaches the wrong person, the wrong person gets in.
  • Links reset the vulnerability every time — Every new share is a new link, a new email, a new click — and a new opportunity for interception or spoofing. There is no persistent, trusted connection between the two parties. Trust resets to zero with every transaction.
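The difference between access by possession of a URL and access by verified identity, as an added example that is not code from the original article. The signing key, the share.example URL layout, the Channel class and all names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, parse_qs

LINK_KEY = b"constructed-demo-key"  # constructed sample secret, not a real key

def make_share_link(doc_id, expires_at):
    """Issue a signed share URL; the signature covers document and expiry only."""
    sig = hmac.new(LINK_KEY, f"{doc_id}:{expires_at}".encode(), hashlib.sha256).hexdigest()
    return f"https://share.example/d/{doc_id}?exp={expires_at}&sig={sig}"

def link_grants_access(url, now):
    """Link model: the only inputs are the URL and the clock.

    Whoever presents the URL is not an input, so a forwarded copy is
    exactly as valid as the original until it expires.
    """
    parts = urlsplit(url)
    doc_id = parts.path.rsplit("/", 1)[1]
    query = parse_qs(parts.query)
    exp = int(query["exp"][0])
    expected = hmac.new(LINK_KEY, f"{doc_id}:{exp}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, query["sig"][0]) and now < exp

class Channel:
    """Identity model: access is a grant to a named, signed-in principal."""

    def __init__(self):
        self.grants = {}  # doc_id -> set of principals allowed to open it
        self.audit = []   # (timestamp, principal, doc_id, allowed)

    def share(self, doc_id, principal):
        self.grants.setdefault(doc_id, set()).add(principal)

    def remove_contact(self, principal):
        # One revocation removes the principal from every document at once.
        for allowed in self.grants.values():
            allowed.discard(principal)

    def open_document(self, doc_id, principal, now):
        # principal is the identity established at sign-in, not a URL parameter.
        allowed = principal in self.grants.get(doc_id, set())
        self.audit.append((now, principal, doc_id, allowed))  # denials are recorded too
        return allowed
```

The link check cannot say who opened the document, while every entry in the channel's audit list names a principal, including the denied attempts.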

The Alternative: Permanent, Verified, Link-Free Connections

The solution is not a more secure link. It is the elimination of the link entirely.

Instead of generating a link each time a document needs to be shared, consider a model where businesses are connected directly and permanently — peer to peer — through a verified, authenticated channel. Each party accesses that channel through their own dashboard, using their own verified credentials, at any time. There is no link to generate, no link to send, no link to click, and no link to spoof.

When a document is shared, it appears in the recipient’s dashboard. When a message is sent, it appears in the same place. Documents and the conversations around them live together in one verified environment — neither can be tampered with independently, and both are tied to authenticated identities rather than a URL anyone could intercept.

The recipient doesn’t react to a notification email with a link — the behaviour that phishing is specifically designed to exploit. They log into an environment they access every day, and the content is waiting. No click required. Nothing to spoof. Nothing to phish.

And for those who want to go further, passkey support on the dashboard sign-in removes the final remaining attack surface. Passkeys replace the traditional password entirely — authentication happens through a cryptographic key stored on the user’s own device, tied to their biometric or device PIN. There is no password to steal, no credential to phish, and no login page that can be convincingly spoofed. A fake sign-in page is useless against passkey authentication because the key never leaves the device and is bound to the legitimate domain. The dashboard is the trusted environment. Passkeys make the sign-in to it equally trustworthy.
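The domain binding described above corresponds to checks a WebAuthn relying party runs on every sign-in response; this is an added example, not code from the original article. The domains, the sample_assertion helper and the constructed values are assumptions, and the signature verification that follows these checks in a real relying party is left out because it needs a public-key library.

```python
import base64
import hashlib
import json

RP_ID = "dashboard.example"  # assumed relying-party ID (hypothetical domain)
ALLOWED_ORIGINS = {"https://dashboard.example"}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sample_assertion(origin, rp_id, challenge):
    """Constructed stand-in for what a browser and authenticator return."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    # authenticatorData: 32-byte rpIdHash | 1 flags byte | 4-byte sign counter
    flags = bytes([0x05])  # user present (0x01) + user verified (0x04)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + (1).to_bytes(4, "big")
    return client_data, auth_data

def check_assertion_binding(client_data_json, auth_data, expected_challenge):
    """Return the names of failed checks; an empty list means all passed."""
    failures = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    # The challenge ties the response to this sign-in attempt (no replay).
    if client_data.get("challenge") != b64url(expected_challenge):
        failures.append("challenge")
    # The origin is written by the browser, not by the page's script.
    if client_data.get("origin") not in ALLOWED_ORIGINS:
        failures.append("origin")
    # The authenticator hashes the RP ID the browser allowed for that page.
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash")
    elif not auth_data[32] & 0x01:
        failures.append("userPresent")
    return failures
```

A response produced on any other domain carries that domain's origin and RP ID hash, so it fails here even if the user was fully convinced by the page they saw.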

When a contact leaves an organisation, access ends. When the relationship evolves, new documents and messages flow through the same channel without generating new exposure. The connection is established once. The vulnerability does not reset.

Who This Matters For

Any business that regularly shares sensitive documents or messages with external parties is operating within the link model and carrying its risks — law firms, accountancy practices, real estate teams, financial advisors, family offices. In each case the pattern is the same: document needed, link generated, email sent, click required.

And in each case, the audit trail that results is fragmented — activity spread across platforms, email threads, and downloaded files on devices nobody controls. A persistent, link-free channel creates a complete record instead: every document, every message, every access event in one place, tied to verified identities, timestamped and immutable.

The shared link solved a real problem. It also created a vulnerability that has been exploited billions of times, against a defence — user training and spam filtering — that has not contained it.

There is nothing to phish if there is no link to spoof. That is not a feature. It is a fundamentally different way of thinking about how businesses connect.
