Email Exposure Check Pro

Find out which of your users emails are exposed before the bad guys do.

Have Your Users Made You an Easy Target for Spear Phishing?

Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. 

Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and hundreds of breach databases. This is done in two stages:

First Stage
Does deep web searches to find any publicly available organizational data. This will show you what your organizational structure looks like to an attacker, which they can use to craft targeted spear phishing attacks.

Second Stage
Finds any users that have had their account information exposed in any of several hundred breaches. These users are particularly at-risk because an attacker knows more about that user, up to and including their actual passwords!

Your EEC Pro Reports
We will email you back a summary report PDF of the number of exposed emails, identities and risk levels found. You will also get a link to the full detailed report of actual users found, including breach name and if a password was exposed.

Getting your EEC Pro will only take a few minutes and is often an eye-opening discovery. 


Get Your Free Email Exposure Check Pro  

The Email Exposure Check Pro is a one-time free service. KnowBe4 will email you back a report containing the list of exposed addresses and where we found them within 2 business days, or sooner!

NOTE: KnowBe4 will need a valid email address from the domain of your own organization, so Gmail, AOL, Yahoo or any other ISP cannot be accepted.

Download your free Email Exposure Check Pro here:

What is the Email Exposure Check?

Email Exposure Checks are special searches done by KnowBe4 to help companies get a better understanding of what kinds of information is publicly available about their company or users. These are general searches done using special parameters and we will attempt to return any data that resembles a company email address. This includes searching publicly available forums or archives, as well as any publicly available files including documents (word, excel etc.) that contain something resembling an email address from your company.

Some key points to keep in mind about Email Exposure Checks:
These searches are approximate, meaning you may find that some of the information you’ve been provided is not relevant or seemingly helpful. There may be old email addresses, wrong email addresses or commonly, publicly available email addresses such as “” or “”. 

How can you use an Email Exposure check?

The Email Exposure Check is helpful in a variety of ways.  You can use it to get an idea of possible high-risk phishing targets. Anything we’re returning to you in the check is publicly available, meaning programs written to scrape email addresses will be able to gather this information as well.  You may find that email addresses are showing up that are no longer in use, or that are not even valid email addresses for your domain. That is normal and OK.  One possibility is to create “honeypot” email addresses out of these and use them to determine what types of malicious emails may be coming your way. This can help you stay aware of the types of attacks or phishing emails you may be receiving at your other, valid email addresses – without exposing your employees to them first.

What do I do about removing the information from the internet?

First, you may find that many of the emails we’re returning have come from your own organization’s website.  If you wish, you can remove these yourself, however this is entirely your decision.  More commonly you will be concerned with removing emails found on external websites or directories that you do not control. It is recommended you contact the site owners of those external sites. If you cannot get these emails removed, then you now know which emails you need to be aware of perhaps deactivating or possibly just notifying the users of those addresses that they may be subject to an increased amount of phishing and/or email based attacks.