Confirm the inbox is actively compromised

    Business Email Compromise (BEC) attackers usually sit quietly in the inbox for days before launching invoice scams. Confirming what's been sent and what rules they've planted is step one.

    Where attackers hide

      • Forwarding rules that send copies to an external address
      • Filters that auto-delete replies from finance teams
      • OAuth-connected apps that re-establish access if you change the password
      • Hidden delegated-mailbox permissions

    More from Communications Security

    No image

    Make the next phishing email harmless

    Use a password manager, hardware key and email aliases so a single phish can't cascade.
    No image

    Find out which address or list got leaked

    A sudden spam wave usually has a single source — find it before you start filtering.
    No image

    Use specialised victim resources

    Sextortion has dedicated services — they're free, confidential and fast.