Australians and Australian businesses should be aware of Business Email Compromise (BEC) threats at all times and especially around tax time.

BEC occurs when cybercriminals access email accounts to steal your sensitive and financial information, or commit fraud by impersonating employee or company email accounts to obtain money or data.

What can you do?

Preventative and protective measures are simple, cost effective and immediately beneficial.

We encouraging individuals and businesses to strengthen their email security by taking the following steps:

• Set secure passphrases for each account and not reusing existing passwords. The use of a Password Manager can assist with this
• Set-up multi-factor authentication (MFA)
• Exercise caution when opening attachments or links. 
• Using a secure web browser that offers protection against scam websites (we recommend Google Chrome)
• Think critically before actioning requests for money or sensitive information.
• If you’re a business, establish clear processes for workers to verify and validate requests for payment and sensitive information.

Use the ACSC’s learning resources  

Individuals and businesses can learn how to protect their email accounts and know what to do after an email attack by using our easy-to-follow guides found here, including:

• Step-By-Step Guide Securing Google Accounts 
• Step-By-Step Guide Securing Microsoft Accounts 
• Step-By-Step Guide How to check your email account security – Gmail 
• Step-By-Step Guide: How to check your email account security – Outlook 
• Email Attacks Emergency response Guide 
• Email Attacks Prevention Guide 
• Email security Quiz