How Can You Check If Your Email Is Compromised?



Rudy Friederich, a KnowBe4 friend at Marshal Security LLC, sent me the following interesting tips related to finding out if you are the victim of Business Email Compromise. He wrote:

"Any business which hasn't developed a formal policy on double checking/'checks and balances' of the validity of financial transactions—both coming and going—is just asking for trouble. Email account security should be a section of this policy. Things like:

  1. Regularly checking account activity
  2. Regularly checking 'Trash' folder to see if attacker has set up a rule directing certain emails to go into 'Trash.'
  3. Regularly checking the list of all your folders to see if a folder has been created by an attacker so he could set up a rule directing certain emails to go into this folder. (For example, if you created your own folder called 'Junk' in Gmail and then used the 'Hide' feature, would its existence really jump out at you - even if you saw it on a list?)
  4. Regularly checking the list of all your folders to see if a sub-folder has been created by an attacker within one of your legitimate folders so he could set up a rule directing certain emails to go into this sub-folder.
  5. Regularly checking 'Settings' to see if emails are being forwarded to an attacker's account
  6. And enforce a multi-factor authentication system

Train your critical staff to go over the extent of the problem and the policy and the countermeasures you have developed.

To illustrate the critical level of the problem, Friederich commented: "The problem is so severe that I would even consider requiring all employees to change their passwords on Monday morning. Start afresh. Know for sure - or at least for better sure - that nobody can continue to get into your email accounts."

We all know the practicality of that measure is low, but how about some additional features in email clients that look for points 1-5 above, and alert the end-user or admin that something is amiss? That sounds like a great new security feature. Anyone at the software side, you guys listening?

Here is an example; this rule totally works. Coupled with first creating a folder called 'Junk' and then 'hiding' it, an email from a specified email address will appear deep down in your Gmail folders and not show any indication it is a new email. There is no doubt that if you had chosen to forward the email to another address, that would have worked too.

When we tried to make one such rule work simultaneously for multiple incoming email addresses, however, the rule then did not work for any of those specified email addresses. So apparently it's something you would have to do for each and every email address you want to set up the rule for.

[Image: rule-example]
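As an added example (not code from KnowBe4 or from Friederich), points 2-5 of the list above can be automated by auditing a mailbox's filter rules, folder list and forwarding settings. The dict shapes assume data exported from the Gmail API's filter, label and auto-forwarding settings, where sub-folders are labels with a "/" in the name; the function name `audit_mailbox`, the severity levels and all sample values are constructed for illustration.

```python
# Added example: sample data is constructed; dict shapes follow the Gmail API
# filter, label and autoForwarding resources (assumed source, no network call).
SAMPLE_LABELS = [
    {"id": "Label_1", "name": "Junk", "type": "user", "labelListVisibility": "labelHide"},
    {"id": "Label_2", "name": "Clients/Archive", "type": "user", "labelListVisibility": "labelShow"},
    {"id": "Label_3", "name": "Newsletters", "type": "user", "labelListVisibility": "labelShow"},
]
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "cfo@example.com"},
     "action": {"addLabelIds": ["Label_1"], "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f2", "criteria": {"from": "bank@example.net"}, "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f3", "criteria": {"from": "ap@example.com"},
     "action": {"addLabelIds": ["Label_2"], "removeLabelIds": ["INBOX"],
                "forward": "drop@mailbox.invalid"}},
    {"id": "f4", "criteria": {"from": "news@example.org"}, "action": {"addLabelIds": ["Label_3"]}},
]
SAMPLE_FORWARDING = {"enabled": True, "emailAddress": "backup@example.com"}

def audit_mailbox(filters, labels, forwarding, org_domain):
    """Return (severity, rule, reason) findings for checks 2-5 in the list above."""
    by_id = {lab["id"]: lab for lab in labels}
    def external(addr):
        return not addr.lower().endswith("@" + org_domain.lower())
    findings = []
    if forwarding.get("enabled") and forwarding.get("emailAddress"):
        addr = forwarding["emailAddress"]
        findings.append(("HIGH" if external(addr) else "INFO", "account", f"forwards all mail to {addr}"))
    for flt in filters:
        action = flt.get("action", {})
        added, removed = action.get("addLabelIds", []), action.get("removeLabelIds", [])
        if action.get("forward"):
            sev = "HIGH" if external(action["forward"]) else "INFO"
            findings.append((sev, flt["id"], f"forwards to {action['forward']}"))
        if "TRASH" in added:
            findings.append(("HIGH", flt["id"], "sends matching mail to Trash"))
        if "INBOX" not in removed:
            continue  # mail still lands in the Inbox, so it is not being hidden
        for lab in (by_id[i] for i in added if i in by_id):
            if lab.get("labelListVisibility") == "labelHide":
                findings.append(("HIGH", flt["id"], f"skips Inbox into hidden folder {lab['name']!r}"))
            elif "/" in lab["name"]:
                findings.append(("MEDIUM", flt["id"], f"skips Inbox into sub-folder {lab['name']!r}"))
        if "UNREAD" in removed:
            findings.append(("MEDIUM", flt["id"], "marks matching mail as read"))
    return findings

if __name__ == "__main__":
    for finding in audit_mailbox(SAMPLE_FILTERS, SAMPLE_LABELS, SAMPLE_FORWARDING, "example.com"):
        print(*finding, sep=" | ")
```

Rule `f1` in the sample reproduces the hidden 'Junk' folder rule described above, and `f4` shows that an ordinary labelling rule that leaves mail in the Inbox is not flagged.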


How many emails in your organization are exposed?

KnowBe4's Email Exposure Check Pro identifies the at-risk users in your organization by crawling business social media information and scouring hundreds of breach databases, many of them in the Dark Web. This is done in two stages: 

First Stage: Deep web searches find any publicly available organizational data so you can see what your organizational structure looks like to an attacker.

Second Stage: Finds any users that have had their account information exposed in any of several hundred breaches, using Have I Been Pwned. 

Your EEC Pro Reports: We will email you back a summary report PDF of the number of exposed emails, identities and risk levels found. You will also get a link to the full detailed report of actual users found, including breach name and if a password was exposed. 

Get your report now, it will only take a few minutes and is often an eye-opening discovery!

Get Your Free Report

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/email-exposure-check/
