In the face of mounting cyber threats, the Australian Competition and Consumer Commission (ACCC) has issued an urgent warning to businesses nationwide about the rise in business email compromise (BEC) attacks, which has prompted the organisation to release a comprehensive guide to counteract the threat.
Cybercriminals are increasingly exploiting email, and unauthorised access to email accounts can lead to a slew of grave risks, including exposure of sensitive information, identity theft and fraud.
Predominantly, businesses are falling victim to scams like business email compromise (BEC), in which criminals impersonate business representatives to defraud unsuspecting contacts.
The ACCC's urgent call to action underscores the escalating cyber threats in the digital landscape. Equipping businesses with the right tools, stringent protocols and consistent vigilance can significantly reduce the risk of falling victim to cyber threats.
Business Email Compromise (BEC) takes many forms. It could include cybercriminals copying your domain name for fraudulent activity. Learn more via our website https://t.co/g0XhVMkEEW
— Australian Cyber Security Centre (@CyberGovAU) July 31, 2023
How to secure yourself?
In this pressing scenario, the ACCC is taking a firm stand, offering a thorough guide for businesses to secure their digital operations.
These easy-to-implement, cost-effective protective measures can shield your emails from compromises, deter impersonation attempts and fortify your business against potential email fraud:
- Multi-factor Authentication (MFA) - MFA serves as a robust shield for email accounts by requiring two-factor verification, significantly obstructing unauthorised access attempts.
- Domain name protection - Cybercriminals are increasingly capitalising on expired domain names to mimic businesses and deceive customers. Regularly renewing your domain names and registering similar ones can prevent this misuse.
- Email authentication measures - Businesses are urged to set up email authentication protocols like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) to combat email spoofing.
- Online privacy - As cybercriminals trawl the internet for personal details, exercising caution when revealing identifying information online becomes paramount.
- Implementation of policies and procedures - Establishing protocols to manage unusual or unexpected requests can prevent unauthorised actions and potential scams.
- Training and awareness - Regularly training your employees to identify and handle potential scams or phishing attempts is a critical line of defence.
- Stay updated and vigilant - As the cyber threat landscape continually evolves, staying abreast of the latest cyber threats and trends is critical.
The ACCC's alert is not just a warning but a step towards a future where businesses are well-prepared and resilient against cyber threats.
By implementing these protective measures, the centre envisages a digital ecosystem where businesses can operate securely, maintaining the integrity of their operations and fostering trust among their clients.
The ACCC anticipates that these strategic measures will serve as the foundation for a resilient cybersecurity infrastructure.
In conjunction with the rise of advanced cybersecurity technologies and strategies, the risk of falling victim to cybercriminal activity will be drastically reduced and the collective cyber resilience of businesses will continue to strengthen, leading to a safer, more secure digital economy.