top of page

Work email for personal accounts: why that could be risky…

Globally, a trend has been identified involving employees using their corporate email accounts to register for personal online accounts or services, which often include the re-use of passwords. But why is this a risky move?

Using initial access brokers, breach forums and data dumps, threat actors are leveraging this type of behaviour and are using it to gain initial access into a network.

Valid account credential abuse has been an established technique for a long time and with the growth of online services and platforms, this type of activity has only increased.

Normally, to access certain sites or resources online, individuals are required to sign up using an email address. The risk faced with this is the potential for threat actors to gain access to these credentials.

Threat actors use a wide range of techniques to collect exposed corporate credentials, with one common way involving scraping for breached credentials from third parties.

This data would normally get displayed on dark web forums, breach data bases or held on to by initial access brokers which would offer the data for monetary sum. These credentials can then be used in later attacks. Access to this information can often be quite easy, requiring little skill, making it an even bigger threat to organisations globally.

There are several benefits to threat actors for using stolen credentials for initial access, one being defence evasion. With valid user credentials, they can bypass security controls and are able to conduct malicious activities. This can then lead to lateral movement and privilege escalation, to achieve the attackers’ goals.

Defending against this type of activity can be challenging, as often there is a lack of visibility on which credentials could have been breached. Without the correct security controls such as MFA, threat actors can easily enter a network undetected.

The best preventative measure for this type of activity is to educate end users of the dangers of using corporate email accounts for third party platforms, as well as the dangers of re-using passwords.

Ensuring MFA is mandatory on accounts will also provide an extra layer of security and detection capability.

  • Need to train your staff on some basic cyber awareness? Check out our security awareness training and get in touch to book your session and have your employees trained to become the first barrier against cyber crime.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page