Skip to main content

What to do if your business has been targeted by email fraud or compromise

Icon of a book with an information symbol on it

This guide has simple steps to follow if you are a victim of an email attack - whether that attack is hacking your email account or impersonating you by another method.

Maybe a friend, colleague, or service provider has received a suspicious email from ‘you’, but you didn’t send it. The email may request payment for an invoice or ask to change bank account details.

Alternatively, maybe you noticed you are receiving unusual emails in your own email account. They may be about suspicious login activity or unexpected password resets. You might have also noticed emails have been deleted or moved to different folders.

These could be indicators of business email compromise (BEC).

The first section will teach you how to respond to an email security incident and how to limit damage. The second part will help you protect yourself in the future.

Some of these steps may not be applicable to every situation, consider your circumstances to determine whether you should complete the relevant step(s).

Protect yourself against the next attack

Learn how to increase your email security so that you are not vulnerable.

Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it