Email Account Compromise (EAC)


Email Account Compromise (EAC) is a sub-type of Business Email Compromise (BEC) fraud. The only difference is that in BEC the scammer pretends to be someone else, while in EAC the scammer has full access to the specific email account and no longer needs to impersonate anybody.

Attack surface

Email account compromise can happen in two ways: through social engineering or through a data breach. Social engineering is possible but harder to pull off, because it is much harder to gain access that way. A data breach, however, is much more likely to be the cause of EAC.


The prevention methods are simple. Against social engineering, do not give your passwords to anyone. After a data breach, change your password immediately or deactivate the email account that has been compromised.

