Overview
To give you a feel for how EchoMark works, it's important to run a sample investigation. We will be walking through sample investigations using an email integration. If you haven't yet, please go through the Configure Email Integration for Microsoft Exchange or Configure Email Integration for Google Workspace steps first.
Step 1: Draft an email
Let's run through an end-to-end example of a leak investigation. To start, draft a new email message using the following email text.
Add as attachments to the email the following documents:
Add yourself as a recipient to the email. We will use the email you receive to simulate a leak. Add at least 3 other email addresses as well. Note, if you send this to others in your organization, they will be aware that EchoMark is being used. Both internal and external recipient email addresses will work.
If you are using Google Workspace, the recipient email used to simulate the leak must be different from the email used for sending. The Google Workspace client de-duplicates emails sent to yourself and will only show you the Sent original email.
Before clicking send, make sure this email will trigger the mail rule you configured above. For example, if the mail rule is triggered by "#echomark" in the subject, make sure to include that in the email subject. After double checking the mail rule criteria, send the email.
Step 2: Run sample leak investigations
In the examples below, we will simulate leaks using the individualized email that you received. Please ensure that you are viewing the individualized email that you received from the step above and not the original email in the sent folder. Your individualized email will have a footnote at the bottom that indicates the email was individualized by EchoMark.
Text investigation
- Copy a paragraph of text from your individualized email.
- Go to https://app.echomark.com/leaks and click on New Investigation on the upper right. Choose "Email message" and "Text" as shown below, and click Next.
- Paste the text you copied from your email into the text box and click Next.
- On the "Which message leaked?" dialog, select the email that you sent in Step 1 and click Select.
- Observe there is a High Confidence Match that identifies your email based on the Textual Watermark Detector.
Screenshot investigation
- Go to the individualized email you received and open the attachment for "Getting Started Sample image.jpg". Double check that this is the individualized email by looking for the footnote and not the original email in the Sent folder.
- Take a screenshot of a majority of the image. Below is an example of how much of the image should be captured.
-
Go to https://app.echomark.com/leaks and click on New Investigation on the upper right. Choose "File or attachment" and click Next.
- Upload the screenshot you just took of the image and click Next.
- On the "Which file leaked?" dialog, choose "Getting Started Sample image.jpg" and click Select.
- Observe there is a High Confidence Match that identifies your email based on the Invisible Watermark Detector.
Camera phone investigation
- Go to the individualized email you received and open the attachment for "Getting Started Sample PDF.pdf". Double check that this is the individualized email by looking for the footnote and not the original email in the Sent folder.
- Take a camera phone picture of a majority of the PDF. Below is an example of how much of the PDF should be captured.
- Go to https://app.echomark.com/leaks and click on New Investigation on the upper right. Choose "File or attachment" and click Next.
- Upload the camera phone image you just took of the PDF and click Next.
- On the "Which file leaked?" dialog, choose "Getting Started Sample PDF.pdf" and click Select.
- Observe there is a High Confidence Match that identifies your email based on the Invisible Watermark Detector.