According to the FBI website, business email compromise is one of the most financially damaging online crimes. In this kind of scam, criminals send an email that looks like it came from a known source, making a legitimate request––such as an independent contractor your company regularly works with sending an invoice with an updated email address. In this case, your company could lose hundreds to thousands of dollars by paying a false invoice. It’s one thing to be on the receiving end of a compromised email, but what do you do if your business email is compromised?
<H2> Immediately Change Your Passwords
If you notice a business email compromise early on, you can mitigate the damage by changing your password and other personal information linked to your account. This will cut the malicious actor off from your account and afford you total control once again. But remember, your email account is a personal information haven, so be sure to change verification information for your business social media accounts, bank accounts, and anything else that could be linked to the compromised email account.
Do your best to make your new passwords strong and unique– and don’t reuse a password on multiple accounts.
<H2> Warn Anyone That Could Have Been Cyber-Harmed
After you have dealt with the initial threat of your business email compromise, you have a responsibility to contact those that may have been affected by the attack. If you cannot contact every single person who may be on that list, at the very least, you need to contact your colleagues who would be able to keep a close eye on their business accounts.
<H2> You May Need to Contact an IT Professional
If you were fortunate enough to solve your entire business email compromise debacle by changing your password, then the only steps you need to take next are to ensure that you are protected from a future attack.
If not, and cyberattackers have been able to take over your account entirely, overriding your company security protocols – it’s time to fess up and call your company IT professional for help. They will most likely be able to contain the threat and be the most knowledgeable about the best next steps to take to reclaim your account. They will likely also help you by notifying your team about the threat coming from your account, which saves you the inconvenience of having to do it yourself. Bonus!
If this is an issue too challenging for your IT department, reaching out to your email provider may prove helpful. Remember, they have a vested interest in protecting your account from bad actors as well. You are not alone.
<H2> Protect Yourself So This Never Happens Again
Once you’ve regained control of your account, you will want to protect yourself against future attacks. Be proactive by ensuring that all your applications, operating systems, software, and browsers are up to date so that you are always running the latest versions. Updates often contain solutions for security flaws that criminals can exploit.
If your company isn’t already using security software– consider using one from a reputable company and install it on all devices for optimal protection.
In general, keeping an eye on your personal and professional online identity is crucial in protecting yourself from online threats.