Email Account Compromise (EAC)
The takeover of a legitimate email account — often a personal or vendor account — to conduct fraud by sending convincing requests for payment or information to the account's contacts.
Also known as: EAC, email takeover fraud, account compromise fraud
Last reviewed: 1 June 2026
Email account compromise (EAC) is closely related to business email compromise (BEC) but distinct in an important way: rather than spoofing a sender address or registering a lookalike domain, the attacker takes over a real, legitimate email account and uses it to communicate with the victim. Because the messages are genuinely sent from that account through its own mail provider, they pass SPF, DKIM and DMARC checks, land in existing conversation threads, and appear entirely credible to recipients who already have a relationship with the account owner. Controls that look for spoofing or domain impersonation do not fire.
EAC typically begins with credential phishing or credential stuffing to gain access to the target's email account. The attacker then reads historic conversations to understand relationships, payment patterns, and communication style before composing fraud messages designed to blend into existing threads. Attackers commonly also add mailbox rules that forward or delete incoming mail so the real owner does not see replies or warnings, and may set a Reply-To address they control so the conversation continues even after the account is recovered. Common attacks include redirecting a pending invoice payment to a criminal account, sending a wire transfer authorisation from a compromised executive's own mailbox, or manipulating a property transaction to divert conveyancing funds.
EAC is particularly devastating in real estate transactions, legal matters, and business supply chains because the sums involved are large and the time window for reversal is short. Mitigations include multi-factor authentication on all email accounts (phishing-resistant methods such as FIDO2 security keys where possible, since one-time codes can be relayed by adversary-in-the-middle phishing kits), verbal confirmation of any payment change request using a phone number already on file (never one provided in the email itself), alerting on newly created forwarding or inbox rules and sign-ins from unfamiliar locations, and training for anyone who handles financial transactions.
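The following is an added example, not part of the original glossary entry, showing the recipient-side check the paragraphs above imply: a message that changes payment instructions is flagged for out-of-band verification even when SPF, DKIM and DMARC all pass, because a pass result is exactly what a compromised real account produces. The sample messages, the reserved example.com/example.org addresses, and the keyword patterns are constructed for this example and are assumptions, not a vendor's rule set.

```python
"""Recipient-side screening for email account compromise (EAC).

Added example for this glossary entry. Sample messages are constructed;
the keyword patterns are an assumption for illustration, not a complete rule set.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Phrases that usually accompany a change of payment instructions (assumed list).
PAYMENT_CHANGE_PATTERNS = [
    r"\b(new|updated|changed)\b.{0,40}\b(bank|account|iban|sort code|routing|wire)\b",
    r"\bbank details\b",
    r"\bremit(tance)? (to|instructions)\b",
]


def auth_results_pass(msg: EmailMessage) -> bool:
    """True when SPF, DKIM and DMARC all report 'pass' in Authentication-Results.

    A compromised genuine account passes all three, so a pass result must not
    be read as evidence that the request itself is legitimate.
    """
    header = msg.get("Authentication-Results", "") or ""
    return all(re.search(rf"\b{m}=pass\b", header, re.I) for m in ("spf", "dkim", "dmarc"))


def reply_to_mismatch(msg: EmailMessage) -> bool:
    """True when Reply-To points at a different domain than From.

    Attackers set this so replies keep reaching them after the owner
    regains control of the mailbox.
    """
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if not reply_to:
        return False
    return from_addr.rsplit("@", 1)[-1].lower() != reply_to.rsplit("@", 1)[-1].lower()


def mentions_payment_change(text: str) -> bool:
    return any(re.search(p, text, re.I) for p in PAYMENT_CHANGE_PATTERNS)


def screen_message(raw: str) -> list[str]:
    """Return the reasons a message should be held for manual verification."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    reasons = []
    if mentions_payment_change(text):
        reasons.append("payment instructions changed: confirm by phone on a number already on file")
        if auth_results_pass(msg):
            reasons.append("SPF/DKIM/DMARC pass: consistent with a compromised real account, not a spoof")
    if reply_to_mismatch(msg):
        reasons.append("Reply-To domain differs from From domain")
    return reasons


# Constructed sample: a solicitor's real account sends new bank details just before completion.
SAMPLE_EAC_MESSAGE = """\
From: Jane Smith <jane.smith@example.com>
To: buyer@example.net
Reply-To: Jane Smith <jane.smith@example.org>
Subject: Re: Completion on Friday
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Hi, following up on our earlier thread. Please note our bank details have changed
ahead of completion. Kindly remit the balance to the new account below today.
"""

# Constructed sample: routine invoice, no change of payment instructions.
SAMPLE_BENIGN_MESSAGE = """\
From: Accounts <accounts@example.com>
To: buyer@example.net
Subject: Invoice 1042
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Attached is the invoice for March. Payment terms are unchanged.
"""

if __name__ == "__main__":
    for label, raw in (("EAC", SAMPLE_EAC_MESSAGE), ("benign", SAMPLE_BENIGN_MESSAGE)):
        print(label, screen_message(raw))
```

The design point is that the authentication result is used only to explain why spoofing controls stayed silent; the decision to hold the message rests on the content (a change of payment instructions) and on the Reply-To mismatch, both of which survive a genuine sender.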
Examples
- A solicitor's email account is compromised through a phishing attack; the attacker monitors an ongoing property sale and emails the buyer with updated bank details just before completion, diverting the purchase funds.