IntermediateWhat To Do If It Happens

What to do if your business email is compromised

A compromised business email account needs to be treated as an emergency. Criminals who have access to your inbox can read client communications, intercept invoices, learn your payment patterns, impersonate you to clients, and reset passwords on linked services.

Immediate steps:

1. Change the email account password immediately from a device you trust (not the potentially infected one)

2. Enable two-factor authentication if it isn't already on

3. Check and update the recovery email and phone number — attackers sometimes change these to maintain access

4. Review recent sent items for any emails you didn't send

5. Check email forwarding rules — attackers often set up silent forwarding so a copy of every email goes to them even after you change the password

6. Notify your bank, key suppliers, and clients that your email was compromised and that any recent payment instructions from you must be verbally confirmed

7. If customer or client data was accessible from the inbox, assess whether an ICO notification is required within 72 hours

The discovery that your email was silently monitored for days or weeks is unsettling. Start with the steps above, then work with an IT professional to understand the full scope of what was accessible.

Tags

email compromisebusiness emailincident responseforwarding rulesICO

More in What To Do If It Happens

All guides
beginnerfeatured

What to do in the first hour after being scammed

If you've just realised you've been scammed or have given money or details to a criminal, the next 60 minutes matter more than any others. Step 1 — If money was transferred: Call your bank immediately using the number on the back of your card or on your banking app. Tell them you've been a victim of fraud and ask them to try to recall the payment. Speed is critical — some banks can intercept transfers before they clear. Step 2 — If you gave card details: Call your card issuer to cancel the card. Request a replacement. Check your recent transactions for any you don't recognise. Step 3 — If you gave your password: Change it immediately on the affected account and on any other account that uses the same password. Enable two-factor authentication if you haven't already. Step 4 — If you allowed remote access to your computer: Disconnect from the internet immediately (turn off Wi-Fi or unplug the ethernet cable). Do not use the computer again until it has been professionally checked. Step 5 — Report it: Call Action Fraud on 0300 123 2040 or report online at actionfraud.police.uk. Keep a record of all details: when it happened, what was said, how you paid, and any reference numbers. You are not foolish for being scammed. These are sophisticated criminal operations.

See: The Fake Bank Security AlertWhat To Do If It Happens
beginner

How to recover a hacked social media account

If you've lost access to your Facebook, Instagram, or other social media account, recovery is possible but can take time. Starting the process quickly and correctly matters. Facebook account recovery: 1. Go to facebook.com/login/identify 2. Search for your profile and select "Forgotten password" 3. If your email and phone have been changed by the attacker, select "No longer have access to these" 4. Facebook will ask you to verify identity using a government-issued photo ID 5. Submit the request — this typically takes 24–48 hours Instagram account recovery: 1. On the login screen, tap "Get more help" 2. Enter your username, email, or phone 3. Follow the instructions for identity verification 4. For accounts where the email was changed: look for a "Revert this change" link in the email Instagram sent when the email was changed While waiting for recovery: - Post on other platforms warning your followers that your account has been compromised and to ignore any messages or posts from it - Email key contacts directly if you have their details Prevention: enabling two-factor authentication before a compromise makes account takeover far harder and speeds up legitimate recovery.

See: Instagram Account Hijacked for Investment ScamWhat To Do If It Happens
beginner

Your rights when you've been a victim of bank transfer fraud

Being tricked into sending money to a criminal account (called Authorised Push Payment fraud or APP fraud) is now one of the most common types of bank fraud in the UK. Many victims don't know they have legal rights to reimbursement. Since October 2024, new rules from the Payment Systems Regulator mean that most victims of APP fraud must be reimbursed by their bank within five business days. The new limit is £85,000 per claim. Your bank must reimburse you UNLESS: - You were grossly negligent (you ignored clear warnings from your bank) - You were complicit in the fraud (e.g. you were a money mule) - You are claiming within a business context with additional risk factors How to claim: 1. Contact your bank as soon as possible after the fraud 2. Explain that you were deceived into making a transfer 3. Ask to raise an APP fraud claim 4. If the bank refuses or offers less than expected, escalate to the Financial Ombudsman Service at financial-ombudsman.org.uk (free service) Document everything: the fraudulent communications, dates, amounts, and any warnings you did or didn't receive. This strengthens your claim significantly.

See: The Fake Bank Security AlertWhat To Do If It Happens