First published: 28 Jun 2022
Last updated: 28 Jun 2022

Content written for: Individuals & families; Small & medium business

Whether you’re an individual who uses email for online banking and shopping, or a business relying on email to manage payments and invoicing, you should know about Business Email Compromise (BEC).

BEC is a type of email scam in which an attacker targets a person or business to steal data or sensitive information. The attacker then impersonates trusted senders, including employees, vendors or companies, to fool victims into making payments or changing banking details.

Strong email security can help protect sensitive private information, business operations and customers.

In response to the BEC threat, the Australian Cyber Security Centre has updated easy-to-follow email security guides with simple steps and visual guides to help Australians keep their email secure.

The guides include Email Attacks Prevention, Email Attacks Emergency Response, Securing Google and Microsoft Accounts, and How to Check Your Email Account Security - for Outlook and Gmail.

To help stay ahead of BEC, there are simple things that you can do to strengthen your email security:

  • Set secure passphrases for each account.
  • Set up multi-factor authentication.
  • Exercise caution when opening attachments or links.
  • Think critically before replying to requests for money or personal information.
  • If you’re a business, establish clear processes for workers to verify and validate requests for payment and sensitive information.

Test your ability to spot a scam using the email security quiz on the BEC landing page.

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recently signed a memorandum of understanding with the UK’s National Cyber Security Centre to leverage their Exercise in a Box scheme and make it available soon to Australian businesses.

This online tool will help Australian organisations of any size find out how resilient they are to cyber attacks. It will also help them test and practise their cyber incident response in a secure environment.

Australian businesses and organisations are encouraged to join the Australian Signals Directorate’s Cyber Security Partnership Program to receive timely cyber alerts, advice, and engagement opportunities to help boost their cyber resilience.

Australians should report cybercrime, including BEC incidents, to ReportCyber. The ASD's ACSC is contactable 24/7 by calling the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371).

By reporting cybercrime and working together, every Australian and Australian business can help make Australia a more secure place to connect online.
