Hey there! Have you ever received an email and wondered if it’s really from who it claims to be from? How confident are you in its authenticity?
Cybercriminals are getting crafty with social engineering, phishing attacks, and other sneaky tactics to manipulate their targets into making fraudulent payments. This scam starts by compromising one account and then leveraging the trust between that account and its connections, like vendors, colleagues, or clients, to coerce the target into transferring money to the attacker.
These attacks are wreaking havoc on financial institutions, real estate firms, and law practices, especially in today’s remote work landscape.
We’ve chatted with many email users who have fallen prey to this scheme, resulting in significant financial losses and damage to their reputation. Email Account Compromise (EAC) has been a longstanding threat, yet many users still struggle to understand how it works and how to protect themselves. We’re here to equip you with the knowledge you need to defend against EAC before you become a victim of this costly deception.
How Does the EAC Scam Work?
Email Account Compromise is a sophisticated email scam where threat actors use social engineering or computer intrusion tactics to gain access to an email account without the owner’s knowledge. These scams often start with a phishing email, where a user unknowingly compromises their account by clicking a link, opening an attachment, or falling victim to password guessing.
Once an account is compromised, the attacker has free rein. Malicious emails are sent to everyone in the account owner’s address book, exploiting the trust built with these contacts to further compromise accounts. Cloud platforms like Microsoft 365 and Google Workspace have made EAC even more efficient, allowing cybercriminals to target multiple accounts with ease.
EAC attacks are hard to detect because fraudulent emails are sent directly from the compromised account, bypassing sender authentication protocols. These emails often lead to wire transfer fraud and other harmful consequences.
Below is an example of a fraudulent email sent from a compromised account in a sophisticated EAC scam targeting the legal industry. Fortunately, it was caught by advanced email security before reaching the recipient’s inbox.


Another example is an email from a compromised Berkshire Hathaway employee’s account containing a malicious attachment. This email was also intercepted by effective email security measures.


How Can I Tell If My Email Account Has Been Compromised?
If you’re concerned about EAC, there are signs to watch for to determine if your email account has been compromised.
If you can’t log in to your account, it could indicate that a threat actor has changed your password. Checking your “Sent” emails for messages you didn’t send and monitoring your IP address log for unfamiliar locations are also red flags. Additionally, feedback from contacts about suspicious activity can signal a compromise.
What Should I Do If My Email Account Has Been Compromised?
If you suspect your email account has been compromised, taking immediate action is crucial. Notify law enforcement, contact your financial institution, and change any shared passwords. Reporting the incident and apologizing to contacts for any inconvenience is also recommended.
Tips & Advice for Recognizing and Defending Against Email Account Compromise
To protect yourself from EAC, avoid interacting with emails from unknown sources, scrutinize email addresses for subtle changes, and verify wire transfer instructions through trusted channels. Implementing a robust email security solution is key to preventing EAC and other email scams.
Are you ready to safeguard your business against email threats? Use our Email Risk Assessment Toolkit to assess your email security and receive tailored advice on enhancing your defenses.
