Email Account Compromise

Criminals are successfully stealing employee credentials and using compromised accounts to launch attacks that escape detection.

What is Email Account Compromise?

Even vigilant readers of email are bound to trust communications from colleagues after quickly checking the email address. But if a legitimate business email account has been taken over by cybercriminals, it ends up being the delivery vehicle for far-reaching attacks.

Get Credentials

Attackers get the login credentials for a legitimate email account through credential phishing.

Ensure Access

Attackers guarantee continued access to the compromised account, either by changing passwords or by setting up auto-forwarding and auto-delete rules.

Lie in Wait

Depending on the end goal, attackers might lie dormant and read through all the communications flowing through the compromised account.


Account compromise can have multiple end goals. Attackers can aim to harvest more credentials, transition to BEC, launch ransomware campaigns, and more.

Common Indicators of Email Account Compromise

Anonymous IP Logins

You know an employee is in the office today, but they suddenly logged in from an anonymous IP address.

Impossible or Unusual Travel

Unless Sonic the Hedgehog is your employee, no one logs in from Los Angeles and Lagos within a span of 10 minutes.

Unusual Mail Patterns

An employee suddenly sends out 100 emails to both internal and external recipients at 3 a.m. Insomnia or something else?

Suspicious Downloads

Did an employee suddenly download 10 sensitive blueprints that are critical to your go-to-market plans for the year ahead?

Armorblox Prevents Email Account Compromise

Protect high-risk users

  • Track IOCs across user identity, behavior, and context of access
  • Get prioritized alerts if VIP user accounts are compromised

Inspect indicators of compromise

  • Get detailed insights across IOCs
  • Safe list accepted behaviors
  • Lock access to compromised accounts

Manage threats and measure performance

  • Manage a central repository for all EAC threats with intuitive search and query
  • Get an at-a-glance overview of EAC threat remediation performance


Comprehensive Email Security

Protect your business against payment fraud, executive impersonation, credential phishing, account takeovers, and other attacks

Lightning Fast Deployment

Connect to your email over APIs and deploy enterprise-wide within minutes

Accelerated Incident Response

Reduce SOC burden with bulk, one-click remediation for abuse mailbox and other broader attacks within your organization

