The Australian government advises citizens in the country to set up a secure passphrase for each email account. “Passwords are passé. It’s time to use passphrases,” said the Australian Cyber Security Center (ACSC). A passphrase is a password that consists of several words. This makes it easier for users to remember, but more difficult for attackers to crack due to its length. The ACSC’s advice follows due to the approaching tax season in Australia, when scammers and cybercriminals can strike. This mainly concerns Business Email Compromise (BEC). At BEC, which also includes CEO fraud, attackers are able to gain access to email accounts through, for example, phishing or weak or reused passwords. Through the hijacked accounts, but also by using spoofed email addresses or typosquatting, where they register domains that resemble those of a legitimate organization, the attackers send rogue emails. For example, the scammers pose as suppliers and request customers to transfer payments to other accounts, or the financial administration of an attacked organization is requested to pay certain invoices, whereby the money must be transferred to accounts specified by the attackers. Damage caused by BEC was more than $43 billion between June 2016 and December 2021, the FBI said in May. Last year, in particular, the damage from BEC fraud exploded to $40 billion. Because of the BEC threat, the ACSC makes several recommendations for securing email accounts, including the use of passphrases. Furthermore, the use of multi-factor authentication is recommended and citizens should exercise caution when opening email attachments and links. It is also important that organizations and businesses establish clear processes for handling payment requests and confidential information.
