What it is
Business email compromise (BEC) is when an attacker gains access to someone's work email account without permission and uses it to carry out attacks or scams.
How to protect your business email accounts
Set up two-factor authentication
Two-factor authentication (2FA) requires users to provide something else on top of a username and password when logging into your systems, to verify that they are who they say they are.
With 2FA enabled, an attacker would usually also need access to another device or a token to log in to your system, even if they managed to crack a username and password.
Use strong, unique passwords
Use strong, long and unique passwords on all your accounts. Encourage staff to use a password manager to help them remember all their passwords.
Don't share personal information online
Don't give out personal information online, whether on social media or by email, and ensure your staff know the importance of this too. Personal information, whether it's birthdays, addresses or pets' names, can help attackers to guess usernames or passwords.
Set up logs
Logs record all the actions that people take when they access your website or server. They can help you detect when an incident happens and establish the full scope of the incident.
Prevent spoofing with SPF, DMARC and DKIM security policies
Email spoofing is when an attacker sends an email appearing to come from your organisation’s domain. This can happen if your domain doesn't have SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting, and Conformance), and DKIM (DomainKeys Identified Mail) security policies set.
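As an added example (not code from the original page or from CERT NZ), the following script audits the three DNS records named above and flags the settings that leave a domain spoofable: no SPF record or an SPF record ending in a permissive `+all`/`?all`, a DMARC policy of `p=none` (reporting only, nothing is rejected) or with no reporting address, and a DKIM selector record whose public key is empty (revoked). The records are constructed sample values keyed by DNS name so the script runs offline; in practice you would fetch the TXT records with a DNS library and pass them in. `example.com`, the selector name `sel1` and the `PLACEHOLDER_PUBLIC_KEY_BASE64` value are placeholders, not real records.

```python
def parse_tags(record: str) -> dict:
    """Split a 'k=v; k=v' style record (DMARC and DKIM use this form) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(txt_records: list) -> list:
    """Finding codes for the SPF record among a domain's apex TXT records."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["SPF_MISSING"]
    findings = []
    if len(spf) > 1:
        findings.append("SPF_MULTIPLE")  # receivers treat more than one SPF record as a permanent error
    all_term = next((t for t in spf[0].split() if t.lower().lstrip("+-~?") == "all"), None)
    if all_term is None:
        findings.append("SPF_NO_ALL")    # no 'all' mechanism: unlisted senders get a neutral result
    else:
        qualifier = all_term[0] if all_term[0] in "+-~?" else "+"
        if qualifier in "+?":
            findings.append("SPF_PERMISSIVE_ALL")  # '+all' / '?all' let anyone send as the domain
    return findings


def audit_dmarc(txt_records: list) -> list:
    """Finding codes for the record at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        return ["DMARC_MISSING"]
    tags = parse_tags(dmarc[0])
    findings = []
    if tags.get("p", "none").lower() == "none":
        findings.append("DMARC_POLICY_NONE")   # monitoring only; spoofed mail is still delivered
    if int(tags.get("pct", "100")) < 100:
        findings.append("DMARC_PCT_PARTIAL")   # policy applied to only part of the mail stream
    if "rua" not in tags:
        findings.append("DMARC_NO_RUA")        # no aggregate reports, so spoofing attempts go unseen
    return findings


def audit_dkim(txt_records: list) -> list:
    """Finding codes for the record at <selector>._domainkey.<domain>."""
    keys = [parse_tags(r) for r in txt_records if "p=" in r.replace(" ", "")]
    if not keys:
        return ["DKIM_MISSING"]
    if not keys[0].get("p"):
        return ["DKIM_KEY_REVOKED"]            # an empty p= tag means the key has been revoked
    return []


def audit_domain(dns: dict, domain: str, selector: str) -> dict:
    """Run all three checks; `dns` maps a DNS name to its list of TXT strings."""
    return {
        "spf": audit_spf(dns.get(domain, [])),
        "dmarc": audit_dmarc(dns.get(f"_dmarc.{domain}", [])),
        "dkim": audit_dkim(dns.get(f"{selector}._domainkey.{domain}", [])),
    }


# Constructed sample records: a weak setup and its corrected counterpart.
WEAK = {
    "example.com": ["v=spf1 include:_spf.example.net ?all", "site-verification=abc123"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
    "sel1._domainkey.example.com": ["v=DKIM1; k=rsa; p="],
}
HARDENED = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"],
    "sel1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY_BASE64"],
}

if __name__ == "__main__":
    print("weak:    ", audit_domain(WEAK, "example.com", "sel1"))
    print("hardened:", audit_domain(HARDENED, "example.com", "sel1"))
```

A `p=none` DMARC policy is a sensible first step while you confirm that all legitimate senders pass SPF or DKIM, but it does not stop spoofing on its own; the protection comes once the policy is moved to `quarantine` or `reject`.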
Get IT support
Ask your IT provider to monitor your business email and check:
- auto-forwarding rules on email accounts, especially those relating to accounts receivable
- auto-filtering rules on email accounts to see if there are any rules that you did not set up
- email access logs to look for any unusual login behaviour, like a change in login times and unexpected or foreign IP addresses.
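The three checks in that list can be scripted. As an added example (not code from the original page, from CERT NZ or from any mail provider), the script below audits a constructed export of inbox rules and login events: it flags rules that forward or redirect mail to an address outside the business's own domains, rules that delete or tuck away finance-related mail in folders nobody reads, and logins outside working hours or from an unexpected country. The domain `example.co.nz`, the working hours, the expected country and the IP addresses (from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24) are assumptions; a real export from your mail platform would be mapped into the same dictionary shape.

```python
from datetime import datetime, time as dtime

INTERNAL_DOMAINS = {"example.co.nz"}           # assumption: the business's own mail domains
EXPECTED_COUNTRIES = {"NZ"}                    # assumption: where staff normally sign in from
BUSINESS_HOURS = (dtime(7, 0), dtime(19, 0))   # assumption: local working hours
FINANCE_KEYWORDS = ("invoice", "payment", "remittance", "bank", "account")
HIDING_FOLDERS = {"deleted items", "rss feeds", "archive", "junk email", "conversation history"}


def audit_inbox_rule(rule: dict) -> list:
    """Finding codes for one mailbox rule."""
    findings = []
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    if any(addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS for addr in targets):
        findings.append("EXTERNAL_FORWARD")     # mail silently copied out of the business
    keywords = [k.lower() for k in rule.get("subject_contains", [])]
    hides = rule.get("delete", False) or rule.get("move_to", "").lower() in HIDING_FOLDERS
    if hides and any(word in kw for kw in keywords for word in FINANCE_KEYWORDS):
        findings.append("HIDES_FINANCE_MAIL")   # owner never sees invoice/payment conversations
    return findings


def audit_login(event: dict) -> list:
    """Finding codes for one sign-in event (time is local, ISO 8601)."""
    findings = []
    when = datetime.fromisoformat(event["time"])
    if not BUSINESS_HOURS[0] <= when.time() <= BUSINESS_HOURS[1]:
        findings.append("OUTSIDE_HOURS")
    if event.get("country", "??") not in EXPECTED_COUNTRIES:
        findings.append("UNEXPECTED_COUNTRY")
    return findings


def audit_mailbox(rules: list, logins: list) -> dict:
    """Group every finding by mailbox so each account can be reviewed in one place."""
    report = {}
    for rule in rules:
        found = audit_inbox_rule(rule)
        if found:
            report.setdefault(rule["mailbox"], []).append((f"rule:{rule['name']}", found))
    for event in logins:
        found = audit_login(event)
        if found:
            report.setdefault(event["user"], []).append(
                (f"login:{event['time']}:{event['ip']}", found))
    return report


# Constructed sample export: two mailboxes, four rules, four logins.
RULES = [
    {"mailbox": "accounts@example.co.nz", "name": "Backup",
     "forward_to": ["ap.backup@mail-example.net"]},
    {"mailbox": "accounts@example.co.nz", "name": ".",
     "subject_contains": ["invoice", "payment"], "move_to": "RSS Feeds"},
    {"mailbox": "ceo@example.co.nz", "name": "Newsletters",
     "subject_contains": ["newsletter"], "move_to": "Archive"},
    {"mailbox": "ceo@example.co.nz", "name": "To assistant",
     "forward_to": ["assistant@example.co.nz"]},
]
LOGINS = [
    {"user": "accounts@example.co.nz", "time": "2024-03-04T09:12:00", "ip": "203.0.113.10", "country": "NZ"},
    {"user": "accounts@example.co.nz", "time": "2024-03-04T03:41:00", "ip": "198.51.100.77", "country": "US"},
    {"user": "ceo@example.co.nz", "time": "2024-03-04T08:05:00", "ip": "203.0.113.11", "country": "NZ"},
    {"user": "ceo@example.co.nz", "time": "2024-03-04T17:50:00", "ip": "203.0.113.11", "country": "NZ"},
]

if __name__ == "__main__":
    for mailbox, findings in audit_mailbox(RULES, LOGINS).items():
        print(mailbox)
        for item, codes in findings:
            print("  ", item, "->", ", ".join(codes))
```

Any rule the mailbox owner does not recognise should be removed and treated as a sign of compromise even if it looks harmless, since attackers create rules in the account's own mailbox so that forwarding continues after the password is changed.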
If you discover that an email account within your business has been compromised, there are some steps you can take to help reduce the impact.
- Change the passwords on all affected email accounts immediately.
- Set up 2FA.
- Tell your IT provider.
- Ask your IT provider to check your system for any installed malware.
You can also report the incident to us at CERT NZ.