User accounts that display unusual activity, have been detected on the dark web, or that have been targeted by malicious email campaigns may be compromised and require immediate attention.
Operations Dashboard assesses user accounts for any activity that may indicate potential account compromise. If an assessment of an account highlights events with a "High" or "Medium" risk level, the account and risk type information displays in the Account Compromise Indicators table.
The following table outlines the indicators associated with potential account compromise and the related data sources.
Indicator |
Description |
Data Source |
Target |
---|---|---|---|
Leaked account |
The detection of a user's account on the dark web |
|
|
Suspicious user activity |
Activity that may indicate the malicious intent of a user that purposefully creates anomalous activity |
|
|
Targeted user account |
The most at risk user accounts that exhibited high risk anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period |
|
|