Compromised Accounts (Anomaly) Workflows

When Avanan detects a high-confidence compromised account, it automatically re-inspects the user's emails for the last three hours.

As these emails are more suspicious of being malicious, the Anti-Phishing security engine performs this inspection with increased sensitivity.

If it detects phishing emails sent from this user, it takes remediation action based on the policy applied to the user.

  • If the policy is in Detect mode, it takes no action.

  • If the policy is in Prevent (Inline) or Detect & Remediate mode, it quarantines the email.