Email Account
Takeover Protection


When attackers compromise email credentials, the possibilities are endless. Detect and mitigate email account takeovers in real time when you combine Abnormal Inbound Email Security with the Email Account Takeover Protection add-on module.

See a Demo

Account Takeovers Lead to Costly Data Breaches




Nearly 80% of Fortune 1000 organizations have at least one compromised account.
Source: Abnormal Data




33 million email credentials were stolen in 2021.
Source: 2022 Verizon DBIR




Compromised credentials leading to data breaches cost an average of $4.5 million.
Source: IBM Cost of a Data Breach 2022



Legacy Solutions Can't Detect Compromised Internal Accounts


Credential compromise is the most common cause of data breaches. Traditional email security solutions can’t effectively detect account takeovers in progress because they lack visibility into identity, behavior, and device attributes that indicate a user’s account has been hijacked.



Abnormal Inbound Email Security with Email Account Takeover Protection


Abnormal baselines normal behavior for every end user by analyzing signals like login frequency, authentication methods, locations, devices, operating systems, browsers, and more.

Armed with this knowledge, Abnormal detects when employee accounts have been compromised, remediates any messages sent from them, and disarms the account before attackers can do further damage.

Working together with Abnormal Inbound Email Security, the Email Account Takeover Protection module stops account takeover attempts to prevent additional attacks.


How Abnormal Stops Account Takeovers in Real Time


Detects Compromised Email Accounts


Abnormal observes end user behavior for activity that deviates from their known normal, including login behavior, MFA methods, too-fast-to-travel locations, mail rule changes, change in email content and tone, unusual email recipients, and more. This behavioral analysis uncovers subtle anomalies to precisely detect compromised accounts.

Detects Image

Recreates the Crime Scene in Detail


Abnormal creates a case file of the account takeover diagnosis to organize the evidence for manual review. The analysis includes signals across email systems, Active Directory, devices, browsers, applications and more to provide a conclusive judgment and enable security teams to take broader downstream actions to mitigate the damage.

02 ato infographic

Kicks Attackers Out of Hijacked Accounts*


Only Abnormal ejects users out of compromised email accounts by automatically blocking account access, triggering a password reset, and signing out of all active sessions. Administrators can choose to auto-remediate compromised accounts or manually review cases.

*Currently available only for Microsoft 365.

02 ato infographic 2

Remediates Emails Sent From
Compromised Accounts


When malicious emails from compromised accounts are sent to other employees, Abnormal automatically remediates them to hidden folders so users cannot see or engage with them. Unlike secure email gateways, Abnormal has full visibility into internal-to-internal email traffic, empowering you to inspect and remediate malicious lateral messages.

02 ato infographic 3

Deployment Outcomes


Costs Mitigated



Average cost savings with each compromised account remediated.

Dwell Time Eliminated

6 Seconds


Time to remediate compromised accounts post-detection.


Trusted by Global Enterprises

Abuse Mailbox Analyzed Current Pages

Detect, Disable, and Remediate Compromised Accounts.

With an AI-based approach to detection, you can catch account takeover attempts that other solutions miss.


Abnormal Resources

B Troy H Webinar 09 19 22
In this webinar, Abnormal CISO Mike Britton is joined by Troy Hunt, an expert in compromised credentials and the brains behind, to examine account takeover attacks.
Watch Now
B Account Takeover 08 22 22
Even one successful compromised account can start a cascade of other internal and external attacks, making it possibly the most dangerous email threat organizations face.
Download Now
B 1500x1500 Email Security Datasheet L2 R1
Prevent costly data breaches by detecting and mitigating email account takeovers in real time.
Read More
B Gartner Highlights 1
The Gartner Market Guide for Email Security explains what integrated cloud email security (ICES) solutions are and why they’re essential for modern enterprises. Download a copy now to learn why enterprises are moving away from the SEG.
Read More
B Account Takeover Blog 08 22 22
Learn how threat actors execute account takeovers, how they exploit compromised accounts, and what you can do to reduce your risk.
Read More
B 04 1 22 Sophisticated Lateral Phishing Email Attacks
See how the Abnormal platform has improved the effectiveness of lateral attack detection and how it stops the most advanced attacks.
Read More