Free PDF Guide

Your Data Was Exposed. Now What?

Get our free Post-Breach Email Safety Checklist — exactly what to do in the next 24 hours to protect your inbox from scammers.

Free. No spam. You’ll also get early access to InboxGuard.

After every data breach, the scam emails start within days.

When your email address leaks in a breach, attackers don’t just sit on it. They use it. You’ll start seeing:

Fake password reset emails

Pretending to be from the breached company, designed to harvest your new credentials.

“Verify your identity” phishing

Designed to steal even more personal data by impersonating security teams.

Lookalike domains

Sending emails that look almost real — one letter off, easy to miss.

Urgency tactics

“Your account will be closed in 24 hours” — pressure to act before you think.

Most people don’t know what to do. This checklist tells you, step by step.

What you’ll get

Immediate actions

The 5 things to do within an hour of finding out.

Email red flags

Exactly what the scam emails will look like.

Account lockdown steps

Password, 2FA, recovery options, connected apps.

Forwarding rule check

Attackers set these silently — here’s how to spot them.

30-day watch list

What to monitor in the weeks after a breach.

When to escalate

Signs it’s gone beyond email and what to do next.

Built from real breach patterns

This checklist is based on analysis of how attackers exploit breaches like Ticketmaster, AT&T, MOVEit, and dozens of others. It’s what we’d tell a friend.

Don’t wait for the scam email to arrive.

Built by InboxGuard — AI-powered email protection for your Gmail inbox.