Email Exposure Check

Which email addresses are exposed on the Internet and are a target for phishing attacks?

Today, your employees are frequently exposed to advanced phishing attacks. Trend Micro reported that 91% of successful data breaches started with a spear-phishing attack.

Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch social engineering, spear- phishing and ransomware attacks on your organization. This type of attack is very hard to defend against, unless your users get new-school security awareness training.

Security Awareness Training

The more email addresses that are exposed, the bigger your attack footprint is, and the higher the risk. It’s often a surprise how many of your addresses are actually out there.

Sign Up For Your Email Exposure Check

The Email Exposure Check is a one-time free service. KnowBe4 will email you back a report containing the list of exposed addresses and where we found them within 2 business days, or sooner!

NOTE: KnowBe4 will need a valid email address from the domain of your own organization, so Gmail, AOL, Yahoo or any other ISP cannot be accepted.

Download your free Email Exposure Check here:

What is the Email Exposure Check?

Email Exposure Checks are special searches done by KnowBe4 to help companies get a better understanding of what kinds of information is publicly available about their company or users. These are general searches done using special parameters and we will attempt to return any data that resembles a company email address. This includes searching publicly available forums or archives, as well as any publicly available files including documents (word, excel etc.) that contain something resembling an email address from your company.

Some key points to keep in mind about Email Exposure Checks:
These searches are approximate, meaning you may find that some of the information you’ve been provided is not relevant or seemingly helpful. There may be old email addresses, wrong email addresses or commonly, publicly available email addresses such as “” or “”. 

How can you use an Email Exposure check?

The Email Exposure Check is helpful in a variety of ways.  You can use it to get an idea of possible high-risk phishing targets. Anything we’re returning to you in the check is publicly available, meaning programs written to scrape email addresses will be able to gather this information as well.  You may find that email addresses are showing up that are no longer in use, or that are not even valid email addresses for your domain. That is normal and OK.  One possibility is to create “honeypot” email addresses out of these and use them to determine what types of malicious emails may be coming your way. This can help you stay aware of the types of attacks or phishing emails you may be receiving at your other, valid email addresses – without exposing your employees to them first.

What do I do about removing the information from the internet?

First, you may find that many of the emails we’re returning have come from your own organization’s website.  If you wish, you can remove these yourself, however this is entirely your decision.  More commonly you will be concerned with removing emails found on external websites or directories that you do not control. It is recommended you contact the site owners of those external sites. If you cannot get these emails removed, then you now know which emails you need to be aware of perhaps deactivating or possibly just notifying the users of those addresses that they may be subject to an increased amount of phishing and/or email based attacks.