E2E encryption of email by a client-controlled key avoids this problem.

The encrypted archive remains accessible, but actually reading it requires a key only the client holds. This neutralises most email account phishing attacks.