User Tools

Site Tools


e-mail_monitoring

E-Mail Monitoring

Introduction

A phishing attack against your employees is usually preceded by a short phase of reconnaissance of the targets. In targeted spear phishing attacks, fraudsters often take data from employees’ social media profiles. There are also email lists offered in hacker forums, and lastly, there are a number of hacking tools that search the Internet and Dark Web for information on the targets.

Higher-ranking CEOs & C-suite executives are usually more exposed to the public (their profile can often be found on the organization’s website), making them easier targets. For all other departments and employee types, it is difficult to assess the steps an attacker has to take to gather the information they need to reach their target. Only if you venture to perform the same information gathering as the hacker, can you assess the risk of your employees getting exposed to phishing attacks. The greater an employee’s exposure on the Internet or Dark Web, the higher the likelihood of them becoming a victim of a social engineering attack, like phishing. Employees who register with their names and business email accounts on private websites put the whole organization at risk as this gives the hacker a bigger attack surface.

What is monitored?

In Kaduu, we measure each employee’s exposure on the Internet and note where indications of activities related to the specific email account can be found. We try to find the employee’s email address on the Internet, Deep Web or Dark Net and list the according email references from the websites where we found the account. We then try to investigate how often the email is referenced in different unique sources. The more sources, the bigger the exposure.

What is the benefit?

Everything that helps you reduce your attack surface can also limit future breaches. If you find any employee’s business email account on private websites, you will be able to create targeted user awareness training that helps them understand the consequences of such an exposure.

How does it work?

We have two type of searches:

  • (1) Database search: Kaduu runs a crawler in the background collecting any email adress it finds. This crawler is not looking for any specific email domain, but collects everything. Therefore the data set might be very limited to a specific account.
  • (2) External Search: The external Search will connect to an external authenticated API that will query specificly the domain you entered. You will find more results using the external search.

In both cases you need to enter the company domain with the syntax "domain.com". Please use the TLD used for your email accounts.

e-mail_monitoring.txt · Last modified: 2023/05/22 20:40 (external edit)