What it is
Business email compromise is when an attacker gets access to someone's work email account without their permission, to carry out attacks or scams.
There are some simple measures you and your staff can put in place to strengthen your business email security.
Two-factor authentication (2FA) requires users to provide something else on top of a username and password when logging into your systems, to verify that they are who they say they are.
With 2FA enabled, an attacker would usually need access to another device or a token to be able to log in to your system, even if they managed to crack a username and password.
Use strong, long and unique passwords on all your accounts. Encourage staff to use a password manager to help them remember all their passwords.
Don’t give out personal information online, whether on social media or by email, and ensure your staff know the importance of this too. Personal information, whether it's birthdays, addresses or pets' names, can help attackers to guess usernames or passwords.
Logs record all the actions that people take when they access your website or server. They can help you detect when an incident happens and establish the full scope of the incident.
Email spoofing is when an attacker sends an email appearing to come from your organisation’s domain. This can happen if your domain doesn't have SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting, and Conformance), and DKIM (DomainKeys Identified Mail) security policies set.
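One way to check whether a domain has these three policies set, as an added example that is not CERT NZ's own code: it audits TXT records you have already retrieved and does no DNS lookups itself. The function names, the DKIM selector "mail" and all record values are assumptions constructed for illustration.

```python
# Added example: the TXT records below are constructed; example.org is a reserved domain.
def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC and DKIM syntax) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_email_auth(domain, txt, dkim_selector):
    """Return findings for one domain. txt maps DNS name -> list of TXT strings."""
    findings = []
    # SPF: one v=spf1 record at the domain whose 'all' term fails unlisted senders.
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"SPF: expected 1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        if "all" in terms or "+all" in terms:
            findings.append("SPF: 'all' passes mail from any sender")
        elif not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
            findings.append("SPF: no -all or ~all, unlisted senders are not failed")
    # DMARC: policy lives at _dmarc.<domain>; p=none only reports, it blocks nothing.
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected 1 record, found {len(dmarc)}")
    else:
        policy = parse_tags(dmarc[0]).get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC: p={policy or 'missing'} does not stop spoofed mail")
    # DKIM: public key at <selector>._domainkey.<domain>; an empty p= means revoked.
    dkim = txt.get(f"{dkim_selector}._domainkey.{domain}", [])
    if not any(parse_tags(r).get("p") for r in dkim):
        findings.append(f"DKIM: no usable key for selector '{dkim_selector}'")
    return findings

WEAK = {  # constructed: SPF present, DMARC monitoring only, no DKIM key
    "example.org": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.example.org": ["v=DMARC1; p=none; rua=mailto:dmarc@example.org"],
}
HARDENED = {  # constructed: all three policies set
    "example.org": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.org"],
    "mail._domainkey.example.org": ["v=DKIM1; k=rsa; p=CONSTRUCTED-KEY-PLACEHOLDER"],
}

if __name__ == "__main__":
    for name, records in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_email_auth("example.org", records, "mail"))
```

To audit a real domain, fill the dictionary with the TXT answers your resolver returns for the domain, `_dmarc.<domain>` and `<selector>._domainkey.<domain>`; the selector is whatever your mail provider signs with.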
Ask your IT provider to monitor your business email and check:
If you discover that an email account within your business has been compromised, there are some steps you can take to help reduce the impact.
You can also report the incident to us at CERT NZ.