In an Emergency, Call:
North America: 1-202-998-6155
Australia: +61-7-3497-3056
UK: +44 330 818 8665
Immediate Action Required: Critical Evidence May Disappear Within Days
Critical evidence inside Microsoft 365 can disappear in only a few days if it is not preserved immediately. Attackers rely on these short retention windows to erase their activity and prevent investigators from discovering how the breach occurred. Every hour that passes increases the likelihood that key audit trails, mailbox logs, and system events will be permanently lost.
Microsoft Office 365 or Google G Suite?
Most business email compromise attacks are against Microsoft Office 365, but if you use Google G Suite, the instructions below are similar.
If You Are Not Fully Confident, Request Expert Assistance Now!
Business Email Compromise incidents are extremely time sensitive. If the attacker accessed a mailbox, there is a real possibility they may still be inside your system, monitoring conversations, altering financial instructions, or preparing a second stage attack.
If you are not completely confident in identifying and preserving the required evidence, you should request professional assistance right away. Acting quickly can be the difference between containing the breach and suffering additional financial and reputational damage.
Why Time Is So Critical
Microsoft 365 does not retain all logs for long periods by default. Some categories of evidence may expire within days. Once that data is gone, even the most skilled investigator may be unable to reconstruct what happened, which can affect insurance claims, legal actions, bank fraud investigations, and internal accountability. Attackers count on this. The longer the delay, the easier it becomes for them to cover their tracks, escalate access, and impersonate key staff. Swift action protects your organization, your financial assets, and your ability to pursue justice.
Financial Fraud Escalation: Stolen Funds Are Often Converted to Cryptocurrency Quickly
Almost all Business Email Compromise schemes now involve rapid conversion of stolen funds into cryptocurrency to speed laundering and avoid recovery actions. Once the transfer process begins, the window for successful interruption is extremely narrow.
Our triage team bypasses the bureaucratic delays that come with waiting for overwhelmed law enforcement agencies to step in. We work directly with fraud units at major banks, cryptocurrency exchanges, and blockchain tracing partners. In some cases, we can move faster than traditional reporting channels and get in front of the transfer pathway before funds disappear into unregulated offshore exchanges or nested laundering networks.
If your organization has already sent a wire transfer, or suspects that funds may have been redirected, contact us immediately. Early intervention significantly increases the chance of freezing or recovering stolen assets before they vanish permanently.
We Are Ready to Help
If you have reached this page, your report has been received and time is of the essence. Our team can begin emergency triage, preserve the evidence required for internal, legal, or law enforcement actions, and initiate the financial tracing workflow used to stop or recover fraudulent transfers.
Not sure if our Business Email Compromise Investigations can help you?
Get a free case consultation to discuss your options.