Whether you’re an individual who uses email for online banking and shopping, or a business relying on email to manage payments and invoicing, you should know about Business Email Compromise (BEC).
BEC is a type of email scam in which an attacker targets a person or business to steal data or sensitive information, then attempts to defraud victims by fooling them into making payments or changing banking details by impersonating trusted senders, including employees, vendors or companies.
Strong email security can help protect sensitive private information, business operations and customers.
In response to the BEC threat, the Australian Cyber Security Centre has updated easy-to-follow email security guides with simple steps and visual guides to help Australians keep their email secure.
The guides include Email Attacks Prevention, Email Attacks Emergency Response, Securing Google and Microsoft Accounts, and How to Check Your Email Account Security – for Outlook and Gmail.
To help stay ahead of BEC, there are simple things that you can do to strengthen your email security:
- Set secure passphrases for each account.
- Set-up multi-factor authentication.
- Exercise caution when opening attachments or links.
- Think critically before replying to requests for money or personal information.
- If you’re a business, establish clear processes for workers to verify and validate requests for payment and sensitive information.
Test your ability to spot a scam using the email security quiz on the BEC landing page.
The ACSC recently signed a memorandum of understanding with the UK’s National Cyber Security Centre to leverage their Exercise in a Box scheme and make it available soon to Australian businesses.
This online tool will help Australian organisations of any size find out how resilient they are to cyber attacks. It will also help them test and practise their cyber incident response in a safe environment.