Email Account Compromise

Criminals are successfully stealing employee credentials and using compromised accounts to launch attacks that escape detection.


What is Email Account Compromise?

Even vigilant readers of email are bound to trust communications from colleagues after quickly checking the email address. But if a legitimate business email account has been taken over by cybercriminals, it ends up being the delivery vehicle for far-reaching attacks.

Get Credentials

Attackers get the login credentials for a legitimate email account through credential phishing.

Ensure Access

Attackers guarantee continued access to the compromised account, either by changing passwords or by setting up auto-forwarding and auto-delete rules.

Lie in Wait

Depending on the end goal, attackers might lie dormant and read through all the communications flowing through the compromised account.


Account compromise can have multiple end goals. Attackers can aim to harvest more credentials, transition to BEC, launch ransomware campaigns, and more.

Common Indicators of Email Account Compromise

Anonymous IP Logins

You know an employee is in the office today, but they suddenly logged in from an anonymous IP address.

Impossible or Unusual Travel

Unless Sonic the Hedgehog is your employee, no one logs in from Los Angeles and Lagos within a span of 10 minutes.

Unusual Mail Patterns

An employee suddenly sends out 100 emails to both internal and external recipients at 3 a.m. Insomnia or something else?

Suspicious Downloads

Did an employee suddenly download 10 sensitive blueprints that are critical to your go-to-market plans for the year ahead?

Armorblox Prevents Email Account Compromise

Prevent credential phishing

  • Detect and block emails that try to phish for account credentials, e.g. fake Office 365 login pages
  • Leverage computer vision and language models to detect 0-day phishing pages that evade traditional security controls

Identify anomalous behaviors

  • Detect unusual behavioral signals, e.g. anonymous logins, impossible travel
  • Safe list accepted behaviors and remotely lock suspicious user accounts

Detect data exfiltration

  • Spot attempts to gain persistence after account takeover
  • Prevent data exfiltration by identifying unusual mail forwarding rules


Comprehensive Email Security

Protect your business against payment fraud, executive impersonation, credential phishing, account takeovers, and other attacks

Lightning Fast Deployment

Connect to your email over APIs and deploy enterprise-wide within minutes

Faster Response Times

Reduce SOC burden with bulk, one-click remediation for abuse mailbox and other broader attacks within your organization
