My email has been compromised. What should I do?
Anyone can fall victim to email compromise. If someone gains access to your account, they can gain access to sensitive information. Follow our step-by-step guidance to understand how you can recover, and what you can do to prevent future attacks.
Some of these steps may not be applicable to every situation. Consider your circumstances to determine whether you should complete the relevant step(s).
Not sure if it is an email compromise?
Learn more about business email compromise.
Who should I contact?
Your financial institution
Contact your bank or credit union immediately if you have transferred funds to fraudulent account details, or if your bank account or credit card details are at risk. They may be able to close your account or stop a transaction. Make sure you call them using their official phone number.
ASD's ACSC ReportCyber
Report cybercrimes, security incidents and abuse through ReportCyber. Your report helps to disrupt crime operations and makes Australia more secure. If your money and/or identity is at risk, also notify the relevant services below.
National Anti-Scam Centre - Scamwatch
Report incidents to National Anti-Scam Centre - Scamwatch. Your report helps to warn people about current threats and disrupt them where possible. You’ll need to provide details of the incident, such as how it occurred and any losses you suffered.
The email provider
If someone is using an email service to impersonate you (like Gmail or Outlook.com), report this to the provider.
IDCARE
Contact IDCARE if your personal information is at risk from a data breach. They’re a national identity and cyber support service for individuals and organisations.
Australian Taxation Office
Contact the ATO if someone has stolen your personal or business identity. You must report all tax-related security issues to the ATO.