What is the Email Exposure Check (EEC)?
Email Exposure Checks are special searches done by KnowBe4 to help companies get a better understanding of what kinds of information are publicly available about their company or users. These are general searches done using special parameters, and we will attempt to return any data that resembles a company email address. This includes searching publicly available forums or archives, as well as any publicly available files, including documents (Word, Excel, etc.), that contain something resembling an email address from your company.
Some key points to keep in mind about Email Exposure Checks:
These searches are approximate, meaning you may find that some of the information you’ve been provided is not relevant or does not seem helpful. There may be old email addresses, wrong email addresses or, commonly, publicly available email addresses such as “firstname.lastname@example.org” or “email@example.com”.
How can you use an Email Exposure Check?
The Email Exposure Check is helpful in a variety of ways. You can use it to get an idea of possible high-risk phishing targets. Anything we’re returning to you in the check is publicly available, meaning programs written to scrape email addresses will be able to gather this information as well. You may find that email addresses are showing up that are no longer in use, or that are not even valid email addresses for your domain. That is normal and OK. One possibility is to create “honeypot” email addresses out of these and use them to determine what types of malicious emails may be coming your way. This can help you stay aware of the types of attacks or phishing emails you may be receiving at your other, valid email addresses – without exposing your employees to them first.
What do I do about removing the information from the internet?
First, you may find that many of the emails we’re returning have come from your own organization’s website. If you wish, you can remove these yourself; however, this is entirely your decision. More commonly, you will be concerned with removing emails found on external websites or directories that you do not control. It is recommended that you contact the owners of those external sites. If you cannot get these emails removed, you at least know which addresses you need to be aware of: you might deactivate them, or simply notify the users of those addresses that they may be subject to an increased amount of phishing and/or email-based attacks.