Business Email Compromise (BEC) 

Australians and Australian businesses should be aware of Business Email Compromise (BEC) threats this tax time. BEC occurs when cybercriminals access email accounts to steal your sensitive and financial information, or commit fraud by impersonating employee or company email accounts to obtain money or data. 

What can you do?

Preventative and protective measures are simple, cost effective and immediately beneficial.

The ACSC is encouraging Australian individuals and businesses to strengthen their email security by taking the following steps:

  • Set secure passphrases for each account.
  • Set-up multi-factor authentication.
  • Exercise caution when opening attachments or links.
  • Think critically before actioning requests for money or sensitive information.
  • If you’re a business, establish clear processes for workers to verify and validate requests for payment and sensitive information.

Use the ACSC’s learning resources  

Individuals and businesses can learn how to protect their email accounts and know what to do after an email attack by using our easy-to-follow guides found here, including:

Protect your Personal Email.

Outlook and Gmail Email Security Checks

It’s always a good idea to check your email accounts for unusual activity;

Use the following links to check this your self;

Some banks and crypto accounts allow – Geo-locking. (Detect impossible travel.)

Set an extremely difficult maximum length password for all your personal email accounts.

Remember all of your Bank accounts are probably linked to a free email service and anyone with access to your email could request a new password to all of your accounts.  Most banks don’t even have MFA. Have a good sleep.

Setup Yubikey based on FIDO and buy a few for your family.