Three things to do after a business email compromise attack

'How to' guides

Business email compromise (BEC) happens when cybercriminals defraud clients, customers or colleagues into sending across sensitive information or money by hacking into corporate email accounts and impersonating their owners, or by creating spoofed email accounts. 

With over 6,000 UK businesses targeted by BEC scams each month, phishing emails present a significant risk to your organisation. Therefore, for maximum defence against a business email compromise attack, all employees within the business must stay vigilant of phishing scams.

However, what happens when your email account has been hacked by impostors already?

In this guide, we'll share some practical advice on what you should do if you've been the victim of a phishing attack. By blocking the attack early on, you may be able to prevent it from evolving into a more widespread and costly problem. 

My email account has been hacked. What should I do?

If you or a colleague have become the victim of a phishing attack, there's a good chance the scammer will attempt to impersonate you. To prevent the cybercriminal from doing any real damage, you must act quickly. 

Here are three steps you should take to prevent a serious business email compromise attack:

1. Secure your email account

As soon as you become aware that your email account has been hacked, you must change your password. Choosing a strong password that bears no similarity to your previous one will help prevent the hacker from getting back into your account. 

When deciding on your new password, don't choose something that's easy to guess. For instance, if your name is Alice Jones, you shouldn't use 'AliceJones1'. You should also avoid changing a small aspect of your password such as a number. Changing 'AlicesPassword1' to 'AlicesPassword2' is not likely to protect your account against the hacker gaining access to your email account in the future.

You can easily create a strong password by abbreviating a sentence. "I like to play bass at the weekend" would turn into "Il2pBASSatw", for example. Mixing uppercase and lowercase letters and numbers will provide your email account with maximum protection against hackers.

If you have any other accounts that share the same password as your hacked email account, it's a good idea to also change those login details. Cybercriminals could attempt to use your old password to gain unlawful access to your other accounts.

2. Inform your manager or IT team of the incident

Now you've secured your account by changing your password, you need to alert your manager or IT team that you've been the victim of a phishing attack. By reporting the incident, your IT team or manager can make your colleagues aware of the scam and work on preventing similar attacks in the future.

We've shared an email template you can send to alert your IT team or manager below.

Email template:

To [name],

I am writing to inform you that I believe my email account was hacked on [date]. 

Here is the email with the [link/attachment] I [clicked on/opened]:

<Screenshot of original phishing email including sender's details>

I have already changed my password and will warn my contacts that someone may be impersonating me via my email account. 

Kind regards,

[Your name]

3. Alert your contact list

Once your email account has been hacked, the cybercriminal will be able to pose as you and send emails to your contact list. If someone you know receives one of these emails, there's a good chance they'll open it.

As soon as your clients, customers or colleagues open an impostor email from your account, the danger of a successful BEC attack increases significantly. Although it can be embarrassing to admit to your mistake so publicly, your warning may prevent your contacts from falling for the scam.

We've provided a handy email template below to help you alert your contacts.

Email template:

Hi [name],

I am writing to inform you that my email account is compromised.

Please ignore and delete any suspicious emails that come from my account; especially if they contain links or attachments, or if they ask you to provide sensitive data.

I have informed our IT team of the situation and taken steps to secure my account.

Thanks for your understanding at this time.

Kind regards,

[Your name]

Learn more about how to stop a business email compromise attack

Cybercriminals' tactics are becoming increasingly sophisticated so you need to stay one step ahead. 

Visit the Egress phishing hub to learn how to spot phishing attacks and why human layer security is your last line of defence against phishing. Protect yourself and your organisation today.