Content complexity Simple This rating relates to the complexity of the advice and information provided on the page. If you have been hacked or impersonated, you should alert your contacts (such as customers, colleagues, suppliers, family and friends). This will help them recognise suspicious activity and disregard fraudulent emails such as those that refer to changing of bank details, requests for large payments or unusual links or attachments. For a templated email response please see the text below: To our contacts, We have recently identified that <insert your organisation’s name> has been a target of fraudulent cybercriminal activity. We became aware on <insert incident date(s)>, that a malicious actor sent emails to our contacts impersonating our business and our staff. These emails may have related to <insert incident details, such as “invoices, requests for large transfers, or to change banking details for payments”>. The emails were sent by the following email address: <insert hacked or impersonated email address> If you received an email from <insert your organisation’s name> that matches this description, please ignore the email’s content and send it to us for further investigation. You may want to check with your bank whether any payments were made to the fake invoice or the fraudulent bank details. We encourage all of our contacts to remain vigilant and pay close attention to any suspicious emails. The cybercriminal may be copying our email signatures, our names, and our email addresses. If you receive an email from <insert your organisation’s name> and are not sure if it’s legitimate, please contact us for confirmation using a phone number you know to be correct. Sincerely, <Insert your organisation’s name> If your email account has been compromised and has caused serious harm to your contacts, you may have further mandatory reporting requirements to your customers, as well as legal obligations to report a data breach to the Office of the Australian Information Commissioner (OAIC). For further information on the OAIC’s Notifiable Data Breaches scheme, please visit the OAIC website. An icon to indicate an area of information Refer to the OAIC and seek legal support regarding mandatory reporting obligations: www.oaic.gov.au If you have been the victim of identity theft, contact IDCARE - idcare.org or 1800 595 160. It is a free government funded service to assist you. Previous step Next step