Trustifi’s Account Takeover Protection acts as a 3rd layer of protection for your mailbox, in addition to the outbound encryption and Inbound Shield systems. Full usability of the Account Takeover Protection module requires an integration with Trustifi’s outbound relay to be effective.
When Account Takeover Protection is enabled, Trustifi will first create a baseline of each user’s normal email activity. This baseline includes (but is not limited to): normal activity hours, devices used to send and open emails, locations from which emails are opened, and domains that are in frequent contact.
After a baseline has been established, Trustifi will monitor user activity and look for any activity that does not match the “normal” pattern for this user – for example, an email being opened from a new or suspicious location. This activity will be logged as suspicious and a potential sign of the user’s mailbox being compromised.
Depending on the admin configuration, a suspicious activity event can trigger a notification sent to the user or the admin (or both), or the user can be automatically blocked.
Users and admins can use the information from these alerts to check for any other signs of suspicious activity, take steps to improve mailbox security, and even block the user from sending emails until the potential security breach is resolved.