Skip to main content

ACSC has launched a new campaign on Business Email Compromise

With the end of the financial year ushering in tax season, Australians are urged to strengthen their email security and be alert to criminals trying to fool them into making false payments or giving up details that could make them an easy target for cyber crime.

Whether you’re an individual who uses email for online banking and shopping, or a business relying on email to manage payments and invoicing, you should know about Business Email Compromise (BEC).

BEC is a type of email scam in which an attacker targets a person or business to steal data or sensitive information, then attempts to defraud victims by fooling them into making payments or changing banking details by impersonating trusted senders, including employees, vendors or companies.

Strong email security can help protect sensitive private information, business operations and customers.

In response to the BEC threat, the Australian Cyber Security Centre has updated easy-to-follow email security guides with simple steps and visual guides to help Australians keep their email secure.

The guides include Email Attacks Prevention, Email Attacks Emergency Response, Securing Google and Microsoft Accounts, and How to Check Your Email Account Security - for Outlook and Gmail.

To help stay ahead of BEC, there are simple things that you can do to strengthen your email security:

  • Set secure passphrases for each account.
  • Set-up multi-factor authentication.
  • Exercise caution when opening attachments or links.
  • Think critically before replying to requests for money or personal information.
  • If you’re a business, establish clear processes for workers to verify and validate requests for payment and sensitive information.

Test your ability to spot a scam using the email security quiz on the BEC landing page.

The ACSC recently signed a memorandum of understanding with the UK’s National Cyber Security Centre to leverage their Exercise in a Box scheme and make it available soon to Australian businesses.

This online tool will help Australian organisations of any size find out how resilient they are to cyber attacks. It will also help them test and practise their cyber incident response in a secure environment.

Australian businesses and organisations are encouraged to join the ACSC Partnership Program to receive timely cyber alerts, advice, and engagement opportunities to help boost their cyber resilience.

Australians should report cybercrime, including BEC incidents, to ReportCyber. The ACSC is contactable 24/7 by calling the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371).

By reporting cybercrime and working together, every Australian and Australian business can help make Australia a more secure place to connect online.