Your mailbox is more valuable than ever to attackers, with 93% of company breaches in security now starting with a phishing email. Whether users are targeted to receive phishing emails, or they have their mailbox compromised to send spam and viruses from your organization’s domain, the risks to your organization are great.
The symptoms of a compromised mailbox
When your domain is used to spread malicious email, it can impact your reputation as an email sender and as a trusted business, leading to blocked messages. There are some common symptoms of this activity, which busy users may struggle to notice, leading to undetected threats:
- The user’s mailbox may be blocked from sending emails
- Missing or deleted emails in their inbox
- Recipients report emails being received, but the user has no corresponding sent item
- The existence of inbox rules that neither the user nor your administrator has created. These rules may forward messages to the Junk folder
- Mail forwarding was recently added to the account without consent.
A connected approach
Thanks to its shared user list, Sophos Central is now able to link mailboxes protected by Sophos Email with the associated computers protected by Sophos Endpoint. Once linked, if Sophos Email detects 5 or more spam or virus emails sent in 10 minutes, the mailbox is automatically blocked while an endpoint scan is carried out. The infection is then removed and alerts are shared via Sophos Central.
Watch our video on Sophos Email Compromised Mailbox Detection: