The Email Exposure Check Pro (EEC Pro) is a free tool that searches for publicly available information about a domain and compiles that information into a report. This tool finds information from data breaches, your users' social media accounts, online files, and more.
You can use EEC Pro to become aware of vulnerabilities in your organization, such as users who have been involved in data breaches or users who have public email addresses. Cybercriminals can use publicly available information to target your users in social engineering attacks, so EEC Pro reports can help your organization prepare for these attacks.
Please see the sections below for instructions on how to receive and analyze an EEC Pro report.
What Information Does EEC Pro Search For?
EEC Pro searches through three main categories of data for public information that is related to your domain.
Please see below for information about each of these categories.
- Data Breaches: EEC Pro searches through data breaches to see if your users' information has been exposed. If your users continue to use credentials that were exposed in a data breach, your organization may be vulnerable. Cybercriminals can access these credentials to target your users and your organization.
- Online Information: EEC Pro searches through online archives, online files, and online forums. If your users' information is accessible online, your organization may be vulnerable. Cybercriminals can use this information to identify your organizational structure. Then, they can perform targeted social engineering attacks on your organization.
Note: EEC Pro searches through the following file types: .PDF, .DOC, .DOCX, .XML, .HTML, .RTF, .ODT, and .Pages.
- Social Media: EEC Pro searches through social media platforms to find accessible information about your users, such as their social media accounts. Users who have accessible social media accounts or who post detailed information on social media may be more likely to receive targeted social engineering attacks.
How to Receive Your EEC Pro Report
Enabling EEC Pro from Your Account Settings
- Go to the Account Settings page in your KnowBe4 console.
- Scroll down to the Email Exposure Check settings.
- Use the Run Scan on this Day of the Month drop-down to select which day of the month you would like to run an EEC Pro analysis.
- Click Scan User Email Addresses Now to set up or start your EEC Pro analysis.
- Click Save at the bottom of the Account Settings page.
- Navigate to the KnowBe4 Email Exposure Check web page.
- Enter your information into the Send me my Free Report form.
- Click the Send me the report! button. Then, EEC Pro will scan for any public data about your organization. When the scan is complete, you will receive an email from KnowBe4.
- Open the email that contains your EEC Pro results.
- Either click the Click here to view EEC Pro results link to view a detailed report, or click the EEC Pro Results PDF attachment to view a summary of your results.
How to Analyze Your Results
After you click the Click here to view EEC Pro results link, you can analyze your EEC Pro results.
Please see the information below for a breakdown of the sections in your detailed report.
- Exposed: This is the percentage of your users that have exposed information due to data breaches, accessible online information, or social media. This percentage is calculated by adding the Total Emails to the Total Identities and dividing this number by your organization's total number of users.
- Download CSV: Click this button to download a copy of your report as a CSV file.
- Delete Analysis: Click this button to permanently delete the report.
Note: Deleting the report will automatically navigate you to an Analysis deleted! page. Then, you will have to run a new report by following the instructions in the How to Receive Your EEC Pro Report section above.
- Total Emails: This is the number of your users' email addresses that the report found online.
Tip: If an email address in your report is invalid or your organization no longer uses the email address, you can use that email address for receiving and analyzing spam. By viewing the phishing emails that your organization is receiving, you can prepare your users for those types of phishing emails.
- Total Identities: This is the number of your users' social media accounts that the report found online.
- Unique Breaches: This is the number of breaches that your users have been involved in. Please see the Frequently Asked Questions section below for more information about how we obtain our data breach information.
- Very High Risk: This is the number of users who are in the Very High Risk category. Click the drop-down arrow next to each user's name to view information about the user. This information includes breaches that the user has been exposed by, the types of data that were exposed, and the social media URLs that contain the user's information. Please see the About the Risk Distribution section below for more details about this category.
- High Risk: This is the number of users who are in the High Risk category. Click the drop-down arrow next to each user's name to view information about the user. This information includes breaches that the user has been exposed by, the types of data that were exposed, and the social media URLs that contain the user's information. Please see the About the Risk Distribution section below for more details about this category.
- Medium Risk: This is the number of users who are in the Medium Risk category. Click the drop-down arrow next to each user's name to view information about the user. This information includes any social media URLs that contain the user's information. Please see the About the Risk Distribution section below for more details about this category.
- Found Identity: This column contains checkmarks for each user that has an accessible social media account.
- Most Recent Breach: This column contains the date of the data breach that each user was most recently involved in.
- Total Breaches: This column contains the number of data breaches that each user has been involved in.
What Are the Risk Distribution Groups?
After EEC Pro gathers data about your users, this tool will categorize your users into three groups: Very High Risk, High Risk, and Medium Risk. These groups are based on the types of data that EEC Pro finds about your users.
Please see the bullet points below for details about each of the groups.
- Very High Risk
EEC Pro found these users in public data breaches that released cleartext passwords or password hashes. Cybercriminals are likely to target these users because they may be able to use their data to gain unauthorized access to your organization's network. Your users may be unaware that their passwords were included in the breach, so they may continue to use these passwords or similar passwords.
- High Risk
EEC Pro found these users in public data breaches that released sensitive personal information, such as email addresses, company background, or phone numbers. Cybercriminals can use this information to create sophisticated social engineering attacks against these users or your organization.
- Medium Risk
EEC Pro found public information about these users on social media, but it did not find these users in any data breaches. Cybercriminals can use social media information for targeted phishing attacks or other social engineering attacks.
Frequently Asked Questions
1) Question: What is a data breach?
Answer: A data breach is the intentional or unintentional release of secure information to an untrusted environment. Often, a data breach occurs because a cybercriminal illegally gathers private data from a system or network by exploiting a vulnerability. Data breaches can expose any sensitive or private information.
2) Question: Where does KnowBe4 find the information about data breaches?
Answer: KnowBe4 partners with SpyCloud to search through data breaches and determine which user accounts have been affected. SpyCloud is a reputable online resource that allows users to search for their email addresses in about 12,000 different databases to see if their information has become accessible due to data breaches.
3) Question: What should I do with the information in the EEC Pro report?
Answer: Accessible information that involves your organization or your users can increase your organization's vulnerability to a cyber attack.
We recommend that you perform the actions below.
- Train your users on password security, social engineering attacks, and securing personal information.
  - Anything that we include in the EEC Pro report is public information, so programs that analyze email addresses can also access this information. Therefore, all of the email addresses in your EEC Pro report are potential phishing targets. You should enroll these users in Security Awareness Training and phishing campaigns to strengthen your organization's human firewall.
- Notify users who are in the Very High Risk and High Risk categories that their information has been exposed by data breaches.
  - Please see question 4 below for an email template that you can use to notify these users.
- Request that the users who are in the Very High Risk category change their passwords.
  - Many users use the same password for multiple websites, so they may need to change their password for multiple accounts.
- Request that the users who are in the Very High Risk and High Risk categories enable multi-factor authentication.
  - Multi-factor authentication provides an additional layer of security, which can help to prevent cybercriminals from accessing your users' private information.
- Remove public information about your organization from the internet.
  - If external sites are posting data about your users without your permission, we recommend that you contact the website owners. If these websites are sharing your users' email addresses, you can prepare these users for potential phishing emails.
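The risk groups, the Exposed calculation, and the follow-up actions above can be combined into a triage script. This is an added example, not KnowBe4 code: the `Finding` record layout, the data-type labels, and the sample users are assumptions made for illustration and do not reflect the report's CSV columns.

```python
from dataclasses import dataclass, field

# Assumed labels for breach data types; the page names only the categories
# "cleartext passwords or password hashes" and "sensitive personal information".
CREDENTIAL_TYPES = {"password", "password_hash"}

@dataclass
class Finding:  # hypothetical record layout, not the report's CSV schema
    email: str
    email_found_online: bool = False
    breaches: list = field(default_factory=list)      # one set of data types per breach
    social_urls: list = field(default_factory=list)

def risk_group(f):
    """Apply the page's three definitions, most severe first."""
    exposed_types = set().union(*f.breaches)
    if exposed_types & CREDENTIAL_TYPES:
        return "Very High Risk"
    if f.breaches:
        return "High Risk"
    if f.social_urls:
        return "Medium Risk"
    return None  # the page defines no group for this case

def actions(f):
    """Follow-up steps from FAQ 3 for one user in the report."""
    group = risk_group(f)
    steps = ["enroll in training and phishing campaigns"]  # every reported address
    if group in ("Very High Risk", "High Risk"):
        steps += ["notify of breach exposure", "enable multi-factor authentication"]
    if group == "Very High Risk":
        steps.append("change passwords")
    return steps

def exposed_percentage(findings, total_users):
    """(Total Emails + Total Identities) / total users, as the page states it."""
    total_emails = sum(f.email_found_online for f in findings)
    total_identities = sum(len(f.social_urls) for f in findings)
    return 100 * (total_emails + total_identities) / total_users

# Constructed sample data
SAMPLE = [
    Finding("alice@example.com", True, [{"email", "password_hash"}], ["https://social.example/alice"]),
    Finding("bob@example.com", True, [{"email", "phone"}]),
    Finding("carol@example.com", False, [], ["https://social.example/carol", "https://social.example/c2"]),
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f.email, risk_group(f), actions(f))
    print(f"Exposed: {exposed_percentage(SAMPLE, 20):.1f}%")
```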
Answer: You can use the template below to notify users that their information was exposed in a data breach. Please replace the text in brackets and customize any text to fit your organization's needs.
We have discovered that some of your information was exposed in a data breach. A data breach occurs when secure information is released to an untrusted environment. This does not necessarily mean that your data or identity was compromised, but it does mean that your information is accessible. However, there are precautions that you can take to secure your accounts.
At a minimum, we strongly recommend changing your passwords for your online accounts immediately. We also recommend that you set up multi-factor authentication such as [insert recommendation] or a password manager such as [insert recommendation] for an extra layer of security.
Please also be aware that when your information is part of a data breach, cybercriminals may use this information to target you in phishing attacks. Please stay alert, and be cautious of any emails that you receive.