From 2019 into 2021, phishing incidents tripled, while phishing was found to be the largest used cyberattack vector. One commonly used type of phishing is a credential phishing attack over email. This is an act where an attacker tries to steal credential information from a target via a phishing website. This phishing website is delivered to the target over email. Even though much research has been done on the detection of such attacks, this rise in incidents was not prevented. In this thesis, it was found that a credential phishing attack over email consists of four phases, with an important phase being the attack conduction phase. This attack conduction phase comprises four stages. Most phishing detection systems focus on two of these stages, the ’email received’ stage and the ’website visited’ stage. Though, all research focused on either of the two stages, not a combination of both. Every research handled phishing emails and phishing websites as isolated entities. Also for any other stage, no research on detection was found comprising more than one stage in any of the phases in the credential phishing attack chain. To perform this research, a dataset containing both benign and phishing emails has been selected. The dataset originates from a combination of an openly available dataset and private datasets. Each email used originates from the period from 2015 up to 2022. To increase phishing detection capabilities, a more holistic approach to the phishing attack chain was introduced in this thesis. Emails and any (phishing) websites in that email were handled as one entity. This opened up new phishing detection capabilities. Features have been identified that made, amongst other aspects, use of brand recognition in both email and website. To extract these features, a brand recognition system has been created. This system is able to detect the logos of brands in emails and websites and name the brand associated with that logo. The system consists of a combination of neural networks and Google reverse image search. An XGBoost algorithm has been built on top of these brand recognition features. This resulted in a phishing detection system which was able to predict phishing emails from the dataset with a precision of .834 and a recall of .836. The extraction of the brand recognition features took on average 70.18 seconds per email. Though, this execution time grows linearly with the number of URLs present in an email. By building a phishing detection system of features using information from a combination of email domains, website domains, website URL redirects, certificates, email content such as brand names in text, domain registration dates, DMARC and SPF, an XGBoost model could be created with a precision of .957 and a recall of .943. The extraction of those features took 25.57 seconds on average. By combing all feature types (both brand recognition and non-brand recognition types), a precision of .967 and a recall of .947 could be obtained with an XGBoost model. This was called the ’Fusion module’. This Fusion module thus shows very decent phishing detection capabilities on the dataset. Using the same holistic approach as before, another phishing detection system was proposed. For this holistic approach, systems performing phishing detection at several stages in the credential phishing attack chain were combined into a single classification system. A Structure module has been designed and created, performing phishing detection solely on emails. This ’Structure module’ used 68 features focusing on the structural aspects of an email. The best classification performance of this model was obtained with an XGBoost algorithm, which had a precision of .977 and a recall of .957. A ’Website module’ performed phishing detection on whether a website was likely to be a phishing website. It used a simpler version of the brand recognition system used in the Fusion module. This module obtained a precision score of .661 and a recall of .775. The prediction of these two models for an email, along with the prediction of the Fusion module, was used as input for another machine learning model. A Support Vector Machine model was selected, and this model was then able to perform phishing detection on the dataset with a precision of .985 and a recall of .974. This holistic system thus showed improved performance over the individual prediction systems. The holistic system was able to increase overall phishing detection by combining phishing detection systems from different stages in a credential phishing attack over email.