Email Account
Takeover Protection Features


When attackers compromise email credentials, the possibilities are endless. Detect and mitigate email account takeovers in real time when you combine Abnormal Inbound Email Security with the Email Account Takeover Protection add-on module.


Real-Time Disarming

When an attack is in progress, and an account has been taken over, there is no time to waste. Abnormal can be configured to automatically remediate account takeovers in progress. A positively identified compromised account will be immediately signed out of all open sessions, the user will be blocked from account access, and the password will be reset.

*This feature available for Microsoft 365 customers only.

Account Takeover Discovery

Abnormal identifies unusual user activity across files, devices, applications, and more in Microsoft 365 and Google Workspaces environments. By assessing abnormalities in user login locations, devices used for work, email content and tone, and mail filtering rules and configurations, Abnormal makes the determination on whether or not an account has been compromised.

Account Takeover Investigation

Once an account takeover has been detected and remediated, your team will most likely need to open a detailed investigation into the compromise to understand what parts of the business may have been affected and where a breach may have occurred. Abnormal Account Takeover Protection automatically opens an Abnormal Case. The case is enriched with a detailed activity timeline, plotting when suspicious events occurred and remediation steps taken.

Lateral Phishing Detection and Remediation

Lateral phishing attacks are some of the most difficult to detect as East-West (internal) email traffic is invisible to most traditional security solutions. Abnormal’s lateral phishing compromise detection capability uses signals such as unusual email tone and content, changes to internal sender location and devices, alongside other real-time activity to automatically find and remediate malicious email communications originating from inside the corporate perimeter. Once these emails are discovered, they are rerouted to a hidden folder where employees cannot access them.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
Integrates Insights Reporting 09 08 22