Email sits at the center of modern life. Banking alerts. Account passwords. Shipping confirmations. Conversations with coworkers, family, vendors, and service providers. Over time, it becomes something like a digital junk drawer — a place where everything ends up.

That is exactly what makes it so valuable to attackers.

$43 billion. That’s the amount lost globally to business email compromise schemes between 2016 and 2021, according to the Federal Bureau of Investigation (Business Email Compromise: The $43 Billion Scam, 2022). Many of these incidents begin with a single compromised email account.

When an attacker gains access, they are not just reading messages. They can reset passwords, intercept financial communications, and move into other accounts. Email often becomes the starting point for broader account takeover.

Most compromises begin with something simple. A convincing phishing message. A fake login page. A password reused from another site that was previously breached. Once an attacker gains access, they may quietly monitor messages, create hidden mailbox rules, or forward emails to another address. The goal is usually to stay unnoticed long enough to gather useful information.

Why These Attacks Work

These attacks are effective because they rely on routine behavior, not technical weaknesses or software vulnerabilities.

Email is used quickly and often without a second thought. Messages are read between meetings or at the end of a long day, and attackers take advantage of that pace.

A message may appear to come from a trusted vendor, a login page may look identical to the real thing, and a request may match an ongoing conversation—creating a situation where nothing feels out of place.

More often than not, it comes down to timing. The message arrives when someone is busy, distracted, or expecting a response, which makes it easier to trust without a second look.

Attackers also tend to be patient, taking time to observe communication patterns and understand how conversations typically flow before taking action.

For businesses and producers, that moment is often tied to payments. An attacker may step into an existing conversation with a supplier, buyer, or customer and send updated payment instructions that appear legitimate. The request aligns with expectations, the language feels familiar, and nothing raises concern—until the payment is sent to the wrong account.

For individual customers, the impact may look different but can be just as serious, as a compromised email account can allow an attacker to reset passwords, access financial accounts, or send messages that appear to come directly from the account holder.

There is often no immediate warning, only the realization after the damage is done.

What to Watch For

While email compromises are often subtle, there are warning signs that something may be wrong.

Unexpected password reset emails are often one of the first indicators. These may suggest someone is attempting to access linked accounts.

Changes in email behavior can also signal an issue. Messages that are missing, automatically moved, or marked as read without action may point to unauthorized mailbox rules.

For businesses and producers, requests to change payment instructions should always be verified through a secondary method, such as a phone call to a known contact. Even small changes in wording or timing can be a sign of interference.

Unfamiliar login alerts or notifications from new locations should be taken seriously. These are often early indicators that access has already been gained.

Recognizing these signs early can prevent further impact.

If Your Email Account Has Been Compromised — or You Want to Strengthen It

If you suspect unauthorized access to your email account, or want to strengthen your account security, the following steps can help protect your information and reduce risk.

1. Use a strong, unique password

Your email password should be different from every other account you use. Reusing passwords creates a chain reaction—if one account is exposed, attackers often try the same credentials elsewhere.

Consider using a passphrase made of several unrelated words. Longer passwords are generally more difficult to crack and easier to remember.

2. Turn on Multi-Factor Authentication (MFA)

Multi-Factor Authentication adds a second step when signing in, such as a code sent to your phone or generated by an authentication app.

Even if someone discovers your password, MFA makes it far more difficult for them to access the account.

3. Sign out of all devices if you suspect unauthorized activity

Many email services allow you to sign out of all active sessions. If you believe someone may have accessed your account, changing your password and logging out all devices forces every user to sign in again.

This step is especially important if an attacker has already gained access, as it prevents them from staying connected through an existing session.

4. Check mailbox rules and forwarding settings

Attackers often create hidden email rules to help them stay undetected. These rules may automatically move messages into folders like Junk, Archive, or RSS feeds. Others may forward copies of emails to an outside address.

Review your mailbox rules periodically to confirm nothing unfamiliar has been added.

5. Review recent sign-in activity

Most major email providers allow you to see recent login activity, including locations and devices. If you notice a login from an unfamiliar location or device, take action right away by resetting your password and reviewing your account settings.

How We Help Protect You

At GreenStone, we take steps to help protect our customers from fraud. For example, we use call-back procedures on wire requests to confirm payment instructions before processing transactions.

GreenStone will never ask you in an email to provide sensitive information such as your PIN, account number, Social Security number, username, or password.

If you receive a message or phone call asking for this type of information, do not respond—even if it appears to be from GreenStone or another financial institution.

If you are unsure, contact us directly using a known and trusted phone number.

Looking Ahead

Email remains one of the most common entry points for fraud because it offers something attackers value most — access without resistance.

For both customers and producers, the risk is not just the account itself, but everything connected to it. Financial systems, vendor relationships, and personal information all flow through a single inbox.

That “digital junk drawer” most of us rely on holds more than we realize. And once access is gained, it does not take long for that access to expand.

The good news is that this risk is manageable. A few consistent actions — strong passwords, multi-factor authentication, and regular account review — can prevent many of the most common incidents.

Securing your email is not just a technical step. It is one of the simplest ways to protect your operations, finances, and relationships.

 

To view the rest of the 2026 spring Partners articles please click here.