Secure Your Human Layer Against Email Account Takeover

Criminals are successfully stealing employee credentials and using compromised email accounts to launch attacks that escape detection. Learn how Armorblox protects your business from email account compromise.

Take 5-min product tour

56,000: Organizations protected

5: Minutes to deploy over API

75-97%: Reduction in Phishing Response Times

What Is Email Account Compromise (EAC)?

In an Email Account Compromise (EAC) scam, attackers use various tactics such as phishing, malware, and purchasing info from the dark web to gain unauthorized access to email accounts. EAC is also known as email account takeover or email hijacking.

Attacks following account takeover are some of the hardest to detect because they are launched from the compromised accounts of legitimate users. EAC attacks prey on the trust established between colleagues to deploy ransomware, exploit and steal sensitive data, or divert funds to fraudulent accounts.

Even vigilant readers of email are bound to trust communications from colleagues after quickly verifying the sender address. But if a legitimate business email account has been taken over by cybercriminals, it ends up being the perfect delivery vehicle for far-reaching attacks.

Common Indicators of Email Account Compromise

Email account takeover scams are tough to spot because they come from legitimate user accounts that have been compromised. Here are some telltale signs of an EAC attack:

Get risk assessment

Anonymous IP Logins
You know an employee is in the office today, but they suddenly log in from an anonymous IP address.
Impossible or Unusual Travel
An employee logs in from IP addresses corresponding to Los Angeles and Lagos within a span of 10 minutes.
Unusual Mail Patterns
An employee suddenly sends out 100 emails to both internal and external employees at 3am. Insomnia or something else?
Suspicious Mail Forwarding Rules
An employee sets up forwarding rules on their work email account that diverts scores of sensitive emails to an external personal email account.

Prevent Credential Phishing

Email account compromise usually starts with a phishing attempt. Armorblox looks at thousands of signals to stop advanced 0-day credential phishing attacks that get past legacy email security controls.

Credential Phishing Protection

Stop emails that try to phish for account credentials, such as emails linking to fake Office 365 login pages.

Computer Vision Techniques

Leverage computer vision and language models to detect phishing pages that haven’t yet been flagged by threat feeds.

Custom ML Models

Contain targeted threats with custom machine learning models built for every organization and user.

Identify Anomalous Behaviors

Armorblox detects unusual behavioral signals and attempts by cybercriminals to gain persistence after they take over an employee’s account.

Context-Aware Detection

Armorblox creates communication baselines for every customer and identifies anomalies that can signify potential email account compromise.

Anomalous Signal Detection

Detect unusual behavioral signals such as anonymous logins, impossible travel, and sequences of strong authentication failures.

Data Theft Prevention

Prevent data exfiltration by identifying unusual mail forwarding rules.

Save Time on Detection and Response

Armorblox has pre-built detection policies and automatable response action that don’t require hours of manual setup and maintenance. Our platform does the heavy lifting so your team has more time to investigate and hunt for threats.

Threat Detection Categories

Avoid manual policy creation with pre-built threat detection categories (e.g. phish URL in mail body, phish URL in attachment, potential account compromise).

Preconfigured Policy Actions

Use preconfigured policy actions to safe list accepted behaviors, remotely lock suspicious user accounts, and automatically remediate phishing emails.

Automated Remediation

Save time by setting automated remediation workflows for specific departments and threat types with custom alerting.

Cities and counties have seen a startling increase in business email compromise and impersonation attacks. In deploying Armorblox, we have a tool that helps detect and prevent those attacks smartly — it is highly effective and does not interrupt the flow of City business.

Rob Lloyd

CIO | CITY OF SAN JOSE

Learn more ⇢

Why Armorblox for Email Account
Takeover Protection?

Algorithms That Understand Hidden Threats

Armorblox algorithms understand the content and context of BEC attacks to stop advanced and payloadless threats.

Detection & Response That Saves Time

Armorblox has out-of-the-box detection policies and automatable response actions that take email security busywork out of your hands.

Machine Learning Tailored to Your Business

We don’t have all the answers, but you do. Armorblox builds custom ML models for every customer and end user to keep learning and get better with time.