Email compromise was identified as the most reported cybercrime for businesses, according to the Australian Signals Directorate’s (ASD) Annual Cyber Threat Report 2023–24.

Cybercriminals can send phishing emails or impersonate other businesses to trick you into giving them sensitive information, opening malicious links, and sending money or goods.

The vast majority of email compromise incidents ASD responded to in the last financial year involved compromised accounts or credentials. A common way this compromise happens is via information stealer malware, which cybercriminals use to collect information from a victim’s device. 

What can you do?

This June, ASD is reminding Australian small businesses and sole traders that email security is not ‘set and forget’.

Take simple steps to review your email security:

  • Check your email settings.
  • Turn on multi-factor authentication (MFA).
  • Turn on email content filtering.
  • Train staff to recognise suspicious email activity.
Was this page helpful?