What it is
Business email compromise is when an attacker gets access to someone's work email account without their permission, to carry out attacks or scams.
Protect your business
Kia pare i tō pakihi ki te whakamōrea īmēra
Protect your business against email compromise
There are some simple measures you and your staff can put in place to strengthen your business email security.
3 min read
How to protect your business email accounts
-
Set up two-factor authentication
Two-factor authentication (2FA) requires users to provide something else on top of a username and password when logging into your systems, to verify that they are who they say they are.
With 2FA enabled, an attacker would usually need access to another
or a token to be able to log in to your system, even if they managed to crack a username and password.Your phone, tablet, or computer.
-
Use strong, unique passwords
Use strong, long and unique passwords on all your accounts. Encourage staff to use a password manager to help them remember all their passwords.
-
Don't share personal information online
Don’t give out personal information online, whether on social media or by email, and ensure your staff know the importance of this too. Personal information, whether it's birthdays, addresses or pets' names can help attackers to guess usernames or passwords.
-
Set up logs
Logs record all the actions that people take when they access your website or server. They can help you detect when an incident happens and establish the full scope of the incident.
-
Prevent spoofing with SPF, DMARC and DKIM security policies
Email
is when an attacker sends an email appearing to come from your organisation’sdisguising a phone number or email address as a different one.
. This can happen if your domain doesn't have SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting, and Conformance), and DKIM (DomainKeys Identified Mail) security policies set.A unique address for websites. For example, in 'www.example.com', the 'example' part is the domain.
-
Get IT support
Ask your IT provider to monitor your business email and check:
- auto-forwarding rules on email accounts, especially those relating to accounts receivable
- auto-filtering rules on email accounts to see if there are any rules that you did not set up
- email access logs to look for any unusual login behaviour like a change in log in times and an unexpected or foreign
.
a unique string of numbers that lets devices identify each other over the internet. Short for 'Internet Protocol'.
Get help
If you discover that an email account within your business has been compromised, there are some steps you can take to help reduce the impact.
- Change the passwords on all affected email accounts immediately.
- Set up 2FA.
- Tell your IT provider.
- Ask your IT provider to check your system for any installed malware.
You can also report the incident to us at CERT NZ.