Mailbox compromise is unauthorized access to an email account that allows an attacker to read, send, alter, or monitor messages. It matters because real mailbox access gives attackers trusted presence, conversation history, and direct communication channels for fraud or further compromise.
What is Mailbox Compromise?
Compromised mailboxes can be used for business email compromise (BEC), internal phishing, data theft, password resets, forwarding-rule abuse, and long-term surveillance. Because the account is genuine, this activity can be harder to detect than obvious spoofing.
What Mailbox Compromise Commonly Supports
The concept is commonly applied in incident response, identity-security monitoring, BEC investigation, and conditional-access hardening.
Mailbox Compromise vs. Spoofed Email
Mailbox compromise uses a real account under attacker control. Spoofed email only imitates the sender identity without owning the actual mailbox.
Frequently Asked Questions
Why is mailbox compromise severe?
Because it gives the attacker legitimate-looking access to communication, identity, and often downstream account recovery paths.
What are common signs?
Unexpected forwarding rules, strange login locations, suspicious sent mail, and unusual requests from a real account are common warning signs.
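As an added illustration (not part of the original glossary entry), the sketch below checks constructed audit events for two of the signs above, external forwarding rules and logins from unfamiliar countries, and escalates when one closely follows the other. The event schema, the per-user baseline table and the one-hour window are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events; the field names are a hypothetical schema,
# not the export format of any particular mail platform.
EVENTS = [
    {"time": "2024-05-01T08:02:00", "user": "amy@example.com", "type": "login", "country": "GB"},
    {"time": "2024-05-01T09:15:00", "user": "bob@example.com", "type": "login", "country": "BR"},
    {"time": "2024-05-01T09:21:00", "user": "bob@example.com", "type": "forward_rule",
     "target": "archive@mail.example.net"},
    {"time": "2024-05-01T10:00:00", "user": "amy@example.com", "type": "forward_rule",
     "target": "amy.assistant@example.com"},
    {"time": "2024-05-02T11:00:00", "user": "cat@example.com", "type": "forward_rule",
     "target": "cat@personal.example.org"},
]
# Assumed baseline: countries each user normally signs in from.
BASELINE = {"amy@example.com": {"GB"}, "bob@example.com": {"GB"}, "cat@example.com": {"US"}}


def find_signs(events, org_domain, baseline, window=timedelta(hours=1)):
    """Return (user, finding) pairs for forwarding-rule and login-location signs."""
    findings = []
    last_odd_login = {}  # user -> time of most recent login outside the baseline
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        if ev["type"] == "login":
            if ev["country"] not in baseline.get(user, set()):
                last_odd_login[user] = when
                findings.append((user, "login from unfamiliar country " + ev["country"]))
        elif ev["type"] == "forward_rule":
            domain = ev["target"].rsplit("@", 1)[-1].lower()
            if domain == org_domain:
                continue  # internal forwarding is not flagged in this sketch
            odd = last_odd_login.get(user)
            if odd is not None and when - odd <= window:
                # Two signs close together on one account: report as correlated.
                findings.append((user, "external forwarding rule soon after unfamiliar login"))
            else:
                findings.append((user, "external forwarding rule to " + domain))
    return findings


if __name__ == "__main__":
    for user, finding in find_signs(EVENTS, "example.com", BASELINE):
        print(user, "-", finding)
```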