Skip to main content

Step 3: Notify contacts and relevant third parties

Content complexity
This rating relates to the complexity of the advice and information provided on the page.
Icon of a loud speaker with noise lines

If you have been hacked or impersonated, you should alert your contacts (such as customers, colleagues, suppliers, family and friends). This will help them recognise suspicious activity and disregard fraudulent emails such as those that refer to changing of bank details, requests for large payments or unusual links or attachments. For a templated email response please see the text below:

To our contacts,

We have recently identified that <insert your organisation’s name> has been a target of fraudulent cybercriminal activity.

We became aware on <insert incident date(s)>, that a malicious actor sent emails to our contacts impersonating our business and our staff. These emails may have related to <insert incident details, such as “invoices, requests for large transfers, or to change banking details for payments”>. The emails were sent by the following email address: <insert hacked or impersonated email address>

If you received an email from <insert your organisation’s name> that matches this description, please ignore the email’s content and send it to us for further investigation. You may want to check with your bank whether any payments were made to the fake invoice or the fraudulent bank details.

We encourage all of our contacts to remain vigilant and pay close attention to any suspicious emails. The cybercriminal may be copying our email signatures, our names, and our email addresses. If you receive an email from <insert your organisation’s name> and are not sure if it’s legitimate, please contact us for confirmation using a phone number you know to be correct.

<Insert your organisation’s name>

If your email account has been compromised and has caused serious harm to your contacts, you may have further mandatory reporting requirements to your customers, as well as legal obligations to report a data breach to the Office of the Australian Information Commissioner (OAIC). For further information on the OAIC’s Notifiable Data Breaches scheme, please visit the OAIC website.

Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it