How Can You Check If Your Email Is Compromised?



Rudy Friederich, a KnowBe4 friend at Marshal Security LLC, sent me the following interesting tips related to finding out if you are the victim of Business Email Compromise. He wrote:

"Any business which hasn't developed a formal policy on double checking/'checks and balances' of the validity of financial transactions—both coming and going—is just asking for trouble. Email account security should be a section of this policy. Things like:

  1. Regularly checking account activity
  2. Regularly checking 'Trash' folder to see if an attacker has set up a rule directing certain emails to go into 'Trash.'
  3. Regularly checking the list of all your folders to see if a folder has been created by an attacker so he could set up a rule directing certain emails to go into this folder. (For example, if you created your own folder called 'Junk' in Gmail and then used the 'Hide' feature, would its existence really jump out at you - even if you saw it on a list?)
  4. Regularly checking the list of all your folders to see if a sub-folder has been created by an attacker within one of your legitimate folders so he could set up a rule directing certain emails to go into this sub-folder.
  5. Regularly checking 'Settings' to see if emails are being forwarded to an attacker's account
  6. And enforce a multi-factor authentication system

Train your critical staff to go over the extent of the problem and the policy and the countermeasures you have developed.

To illustrate the critical level of the problem, Friederich commented: "The problem is so severe that I would even consider requiring all employees to change their passwords on Monday morning. Start afresh. Know for sure - or at least for better sure - that nobody can continue to get into your email accounts."

We all know the practicality of that measure is low, but how about some additional features in email clients that look for points 1-5 above, and alert the end-user or admin that something is amiss? That sounds like a great new security feature. Anyone at the software side, you guys listening?
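As an added example (not from the original post, Friederich, or KnowBe4), here is a sketch of what such a check for points 2-5 could look like. It assumes the mailbox settings have already been exported as dictionaries shaped like the Gmail API's Filter, Label and AutoForwarding resources; the function name, severity labels and sample data are constructed for illustration.

```python
# Added example: audit mailbox settings for the hiding tricks in points 2-5.
# Dict shapes follow the Gmail API Filter, Label and AutoForwarding resources.

def audit_mailbox(filters, labels, auto_forwarding):
    """Return (severity, message) findings for rules that hide or leak mail."""
    by_id = {lab["id"]: lab for lab in labels}
    findings = []
    if auto_forwarding.get("enabled"):  # point 5: account-wide forwarding
        findings.append(("high", f"auto-forwarding to {auto_forwarding.get('emailAddress')}"))
    for lab in labels:  # point 3: user folders hidden from the folder list
        if lab.get("type") == "user" and lab.get("labelListVisibility") == "labelHide":
            findings.append(("review", f"hidden folder {lab['name']!r}"))
    for flt in filters:
        crit, act = flt.get("criteria", {}), flt.get("action", {})
        match = crit.get("from") or crit.get("query") or "<other criteria>"
        added, removed = act.get("addLabelIds", []), act.get("removeLabelIds", [])
        if act.get("forward"):  # point 5: per-rule forwarding
            findings.append(("high", f"rule for {match} forwards to {act['forward']}"))
        if "TRASH" in added:  # point 2: rule sends mail straight to Trash
            findings.append(("high", f"rule for {match} sends mail to Trash"))
        for lab in (by_id.get(i) for i in added):
            # Only user folders that also bypass the inbox are of interest here.
            if not lab or lab.get("type") != "user" or "INBOX" not in removed:
                continue
            traits = []
            if lab.get("labelListVisibility") == "labelHide":
                traits.append("hidden")  # point 3: hidden folder
            if "/" in lab["name"]:
                traits.append("nested")  # point 4: sub-folder of another folder
            if "UNREAD" in removed:
                traits.append("marked read")  # no new-mail indication
            if traits:
                findings.append(("high", f"rule for {match} skips inbox into "
                                         f"{lab['name']!r} ({', '.join(traits)})"))
    return findings

# Constructed sample data, not taken from any real account.
SAMPLE_LABELS = [
    {"id": "Label_1", "name": "Junk", "type": "user", "labelListVisibility": "labelHide"},
    {"id": "Label_2", "name": "Clients/Archive", "type": "user", "labelListVisibility": "labelShow"},
    {"id": "Label_3", "name": "Newsletters", "type": "user", "labelListVisibility": "labelShow"},
]
SAMPLE_FILTERS = [
    {"criteria": {"from": "cfo@example.com"}, "action": {"addLabelIds": ["Label_1"], "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"criteria": {"from": "bank@example.com"}, "action": {"addLabelIds": ["TRASH"]}},
    {"criteria": {"query": "invoice"}, "action": {"forward": "outside@example.net"}},
    {"criteria": {"from": "news@example.org"}, "action": {"addLabelIds": ["Label_3"]}},
    {"criteria": {"from": "vendor@example.com"}, "action": {"addLabelIds": ["Label_2"], "removeLabelIds": ["INBOX"]}},
]
SAMPLE_FORWARDING = {"enabled": False}
```

Calling `audit_mailbox(SAMPLE_FILTERS, SAMPLE_LABELS, SAMPLE_FORWARDING)` flags the Trash rule, the forwarding rule, the hidden 'Junk' folder and both inbox-skipping rules, while the ordinary newsletter filter produces no finding.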

Here is an example; this rule totally works. Coupled with first creating a folder called 'Junk' and then 'hiding' it, an email from a specified email address will appear deep down in your Gmail folders and not show any indication it is a new email. There is no doubt if you had chosen to forward the email to another address that would have worked too.

When we tried to make one such rule work simultaneously for multiple incoming email addresses, however, the rule then did not work for any of those specified email addresses. So apparently it's something you would have to do for each and every email address you want to set up the rule for.

[Image: rule example]


Find out which of your users' emails are exposed before bad actors do.

Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. KnowBe4's Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and now thousands of breach databases.

Here's how it works:

  • The first stage does deep web searches to find any publicly available organizational data
  • The second stage finds any users that have had their account information exposed in any of several thousand breaches
  • You will get a summary report PDF as well as a link to the full detailed report
  • Results in minutes!

Get Your Free Report

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/email-exposure-check/
