Stay safe: protect your NFP from email cybercrime

Email compromise presents one of the most reported cybersecurity risks according to the Australian Signals Directorate (ASD) — the federal agency behind the Australian Cyber Security Centre. Email accounts are valuable targets for cybercriminals as they can be used to: - Impersonate account owners, - Spread scams or malicious links, - Access sensitive information, and - Perform password resets. To help keep your not-for-profit (NFP) organisation safe, it's vital to have systems and processes in place to reduce the risk of cyber events — and a plan to respond if one occurs. The ASD recommends the following actions to strengthen your email security: - **Check your email settings** - **Turn on multi-factor authentication (MFA)** - **Enable email content filtering** - **Train staff and volunteers to recognise suspicious email activity** The ASD has developed dedicated [guidance and information](https://www.cyber.gov.au) to help you boost your NFP’s cyber defences and improve response and recovery from cyber incidents. If you receive a phone call, text message or email claiming to be from the ATO that seems suspicious, don’t engage. Instead, go to the ATO website to [verify or report a scam](https://www.ato.gov.au/general/online-services/identity-security/scam-alerts/) or call **1800 008 540** for confirmation. --- ### Keep up to date - Explore more articles in the **Not-for-profit newsroom** - Subscribe to the **Not-for-profit news** newsletter for monthly updates - Follow **Assistant Commissioner Jennifer Moltisanti** on LinkedIn for the latest posts - Visit the [ATO Community](https://community.ato.gov.au) to find answers to your tax and super questions