It’s essential to be aware that email compromise can happen to anyone and lead to severe consequences if not dealt with promptly. However, with the proper guidance, you can recover from these threats and take steps to prevent future attacks.

Here’s a step-by-step guide to help you navigate this challenge:

Step 1: Reporting the Incident

If your email has been compromised, the first action is to report the cybersecurity incident. The Australian Cyber Security Centre (ACSC) provides a platform called ReportCyber where such incidents can be flagged.

Step 2: Reinforcing Account Security

After reporting, it’s essential to check and reinforce the security of your compromised email account.

Some of the following steps may require technical know-how; consider seeking professional assistance if needed:

• Change your Password: A compromised password should be immediately changed. Choose a strong, unique passphrase that is long, random, and unpredictable. It should not contain common words, names, dates, or patterns that are easy to guess.
• Update Recovery Details: Ensure your account recovery details are up to date. Cybercriminals often modify these details to maintain access.
• Sign Out Everywhere: Log out your email from all devices to ensure the attacker loses their foothold.
• Activate Multi-Factor Authentication (MFA): This is an essential security measure. MFA requires users to verify their identity using two or more methods, making unauthorised access significantly more challenging.
• Review Email Settings: Assess your email settings, paying close attention to email forwarding rules. Delete any unfamiliar ones.
• Examine Third-Party Access: You might have been granted access to your email for various services over time. Review these and cancel any that you don’t recognise.
• Regularly Check Login Activity: Regular inspections can help identify suspicious activity, such as logins from unknown locations or at odd hours.
• Inspect Folders and Other Accounts: Browse through your email folders, especially sent and deleted items, to understand the extent of the breach.

Step 3: Informing Contacts and Relevant Entities

Upon realising a breach:

• Contact Your Network: Alerting your contacts, including customers, colleagues, and suppliers, is crucial. They should be aware so they can be wary of suspicious emails from your compromised account.
• Legal Obligations and Reporting: If the breach has caused significant harm to any of your contacts, there might be a legal obligation to report this data breach to the Office of the Australian Information Commissioner (OAIC). More details on the OAIC’s Notifiable Data Breaches scheme can be found on their website.
• Identity Theft: In identity theft cases, consider contacting IDCARE through their website (idcare.org) or their helpline at 1800 595 160. IDCARE offers a free, government-funded service to support victims of identity theft.

Step 4: Tackling Domain and Display Name Spoofing

Email spoofing, primarily domain and display name spoofing, is a commonly employed tactic by cybercriminals to deceive recipients, often leading to phishing, fraud, and malware infections. By understanding these tactics, you stand a better chance against falling prey to cybercriminals:

Domain Spoofing:

What is it? This technique involves the attacker registering a domain that visually resembles your legitimate domain. It plays on typography and human errors, such as mybusiness.com.au vs. mybusinss.com.au.

Why do they do it? This approach exploits the glances we often give to email addresses. At first glance, a typo in a domain might not be noticeable, leading the recipient to believe the email is genuine.

How to combat it?

Complain with the .au Domain Authority (auDA) if the suspicious domain has an Australian suffix. Conduct a WHOIS lookup to determine the registrar of the malicious domain. Once identified, contact the registrar and request the suspicious domain’s deactivation.

Display Name Spoofing:

What is it? In display name spoofing, attackers maintain their email address but modify the display name to mirror someone you might know or a business you trust. So, while the email address might be john_doe123@attacker.com, the display name might read “John Doe” or “MyBusiness Support.”

Why is it effective? Most email clients prominently display the sender’s name, with the actual email address taking a secondary, often less noticeable spot. An attacker is banking on the idea that users trust the display name over the email address.

Countermeasures:

Always inspect the email address, not just the display name, especially if the email content seems off or requests sensitive information.

Stay ahead of cybercriminals by constantly scrutinising unusual emails and educating your peers and colleagues about these threats. Forewarned is forearmed.

Step 5: Engage Email Providers Over Impersonation

If you suspect display name spoofing via popular email providers, take prompt action:

Outlook, Hotmail, Live or MSN: Forward the suspicious email as an attachment to abuse@outlook.com.

Gmail: Lodge an abuse report via Gmail’s support page.

Other Providers: Visit their official websites for specific abuse reporting methods.

In Conclusion, finding out your email has been compromised leaving your business at risk can be daunting, but with the proper steps and prompt action, you can mitigate the risks and prevent future attacks. Remember, cybersecurity is as much about response and recovery as it is about prevention.

That’s why here are netstripes; we created affordable cyber security and tech support packages to help small businesses with website threat prevention and support.  Speak to one of our cyber specialists for more information on how to protect your business website from cyber attacks.

Remember, stay vigilant and stay safe.

---

Some information for this article was sourced from: www.cyber.gov.au