Email Security Intelligence - What Is Email Account Compromise?

Email Account Compromise (EAC) is a cybersecurity attack that aims to fully compromise a user’s email account and gain access to the user’s inbox. This attack may be executed via one of several techniques, including malware, phishing, and brute force via password spray. The attacker will then use the compromised account to send phishing emails to the user’s contacts in an attempt to steal data, funds, and highly sensitive and personal information.

Often associated with Business Email Compromise (BEC), EAC has its own characteristics that all organizations should be aware of as an equally dangerous form of attack. This article will discuss the differences between Email Account Compromise and Business Email Compromise (BEC) as well as tactics for prevention.

Business Email Compromise

Business Email Compromise (BEC) is a method of attack cybercriminals use to manipulate the recipient of an email into thinking the message is coming from a legitimate and trusted source, instead of a hacker. Email accounts can be compromised by a phishing attempt or with social engineering tactics. After establishing misplaced trust, the attacker will make requests with the intention of defrauding the company, its employees, customers, and partners.

BEC, also referred to as a man-in-the-middle attack, is a variant of phishing intended to convince an employee to make a wire payment into a fraudulent bank account. These attempts often go unnoticed by email security services because they contain no malware.

EAC and BEC Differences

BEC and EAC are similar threats with key differences. Security staff should protect user email accounts from both and build systems that will identify, isolate, and remediate each as soon as a compromise is spotted. Part of what makes EAC attacks so complex is the fact that the phishing emails are sent from a legitimate source as the account has been compromised. This also makes them much harder for the recipient to detect and disregard.

The main difference between the two attacks is that BEC relies on messages that merely appear to come from a trusted source, whereas EAC messages are actually sent from a real individual's account. Attackers use tactics such as password spray, phishing, and malware to compromise victims' email accounts and gain access to legitimate mailboxes. Once inside, an attacker can exfiltrate data from the account, change forwarding and aliasing rules to hide future campaigns, and launch fraud or theft campaigns.
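As an added example, not code from the original article, the following detector targets the "change forwarding and aliasing rules" step described above: it scans constructed mailbox audit events (the JSON-lines field names and the organisation's domain are assumptions for this example) and flags rules that forward mail to external addresses or tuck replies away in folders the user rarely opens.

```python
import json

# Assumption: the organisation's own mail domains; anything else counts as "external".
INTERNAL_DOMAINS = {"example.com"}

# Constructed audit events as JSON lines (field names are an assumption for this
# example, not any mail platform's real audit schema).
SAMPLE_LOG = """\
{"ts":"2024-05-01T08:02:11Z","user":"alice@example.com","action":"inbox_rule_created","rule":{"forward_to":["alice.backup@mail-example.net"],"move_to_folder":"RSS Feeds","mark_read":true}}
{"ts":"2024-05-01T08:05:40Z","user":"bob@example.com","action":"inbox_rule_created","rule":{"forward_to":["helpdesk@example.com"],"move_to_folder":"Tickets","mark_read":false}}
{"ts":"2024-05-01T09:12:03Z","user":"carol@example.com","action":"mailbox_forwarding_set","rule":{"forward_to":["carol.home@mail-example.net"],"move_to_folder":null,"mark_read":false}}
{"ts":"2024-05-01T09:30:00Z","user":"dave@example.com","action":"login_success","rule":null}
"""

# Folders users rarely look at; rules that move mail there are used to hide replies.
HIDING_FOLDERS = {"deleted items", "rss feeds", "archive", "junk email"}
RULE_ACTIONS = {"inbox_rule_created", "inbox_rule_modified", "mailbox_forwarding_set"}


def external_targets(addresses, internal=INTERNAL_DOMAINS):
    """Return the forwarding targets whose domain is not one of ours."""
    return [a for a in addresses if a.rsplit("@", 1)[-1].lower() not in internal]


def assess_event(event):
    """Score one audit event; returns (severity, reasons) or None when nothing is suspicious."""
    if event.get("action") not in RULE_ACTIONS or not event.get("rule"):
        return None
    rule, reasons = event["rule"], []
    ext = external_targets(rule.get("forward_to") or [])
    if ext:
        reasons.append("forwards to external: " + ", ".join(ext))
    hides = (rule.get("move_to_folder") or "").lower() in HIDING_FOLDERS
    if hides:
        reasons.append("moves matching mail out of the Inbox")
    if rule.get("mark_read") and reasons:  # only meaningful alongside another signal
        reasons.append("marks matching mail as read")
    if not reasons:
        return None
    # Exfiltration plus concealment is the post-compromise pattern; either alone is lower.
    return ("high" if ext and hides else "medium"), reasons


def scan(log_text):
    """Parse a JSON-lines audit log and return flagged (user, severity, reasons) tuples."""
    findings = []
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        if result := assess_event(event):
            findings.append((event["user"], result[0], result[1]))
    return findings
```

In practice the same rule-creation events are what an email platform's audit log exposes; feeding them through a check like this alerts on the hiding step even though the forwarded messages themselves pass every sender check.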

That does not even include the spread of malware, spyware, or ransomware, which are also possible once an email account has been compromised. EAC is dangerous because “the call is coming from inside the house”: once the account is compromised, authentication mechanisms such as DMARC (Domain-based Message Authentication, Reporting, and Conformance) can no longer do their job, since the attacker's messages genuinely originate from the authorized domain and pass its checks.

One of the biggest differences between the attacks is in the way systems protect against them. BEC protection begins with suspicion: when an email requests something unusual or even extraordinary in terms of information or action, confirm with the sender that the request is legitimate. EAC protection differs in that it starts by protecting email accounts from takeover by any method and then extends malicious-email protection to messages that come from corporate accounts.

Tips for Preventing Email Account Compromise

Because many cyber attackers rely on social engineering techniques, preventive controls such as antivirus or spam filters are ineffective against them. It is important to educate employees on prevention techniques, especially staff who are likely to be the targets of phishing attempts. Some tips for preventing a successful attack include:

  • Be mindful of shared information: Attackers will sometimes use social media to gather information on their target. Limit the information you share both professionally and publicly.
  • Confirm the content: Any suspicious request made over email should be verified in person with the user.
  • Protect your password: Keeping your password private and changing it often decreases the risk of your account being compromised via password spray.
  • Enable two-factor or multi-factor authentication: Adding this feature to all of your organization’s email accounts adds an extra layer of security.
  • Think before you click: Hover over the hyperlinks in an email to preview their destination before clicking, to ensure they lead to a legitimate and safe source.
  • Educate your staff: Teach your team how to detect these attacks.
  • Authenticate your domain: Use your DNS management console to add the proper SPF, DKIM and DMARC records.
  • Invest in a multi-layered security solution: Email security depends on defense in depth, as no single security feature alone is enough to defend email against advanced attacks. An effective business email security solution should include multiple features and technologies designed to work together to detect and block threats in real time, building on each other to provide stronger, more effective protection than any of these features would on their own.

The Bottom Line

Email Account Compromise is a cyberattack that takes over a user’s inbox and then uses it to send dangerous phishing emails. Because high-level employees involved in finance or wire transfers can be compromised or manipulated into making fraudulent transfers, hundreds of thousands of dollars may be lost. Business Email Compromise is a similar attack that organizations should also be mindful of, as it is equally dangerous. Both of these targeted attacks can be prevented from plaguing your business when the best practices discussed in this article are implemented.
