Malicious actors may endeavor to obtain access to user email accounts for the purpose of sending malicious emails such as spam or phishing emails. Email accounts that are compromised in this manner are frequently used to send spam and phishing emails as though the emails were actually sent from the user of the compromised account. Malicious emails may be sent to people who are known to the true owner of the compromised account (for example, people in the user's contact list), as well as random users. Because of the significant problems that spam, phishing and other malicious emails cause for users of the web, approaches have been developed to detect compromised accounts. Early detection may be useful for a real user to readily re-gain control of compromised email accounts. The security implications of compromised accounts extend beyond emails to other forms of messaging, such as shared files (for example, photos), secure network activity and the like.