Warn your contacts, your bank, and harden the account

    BEC isn't a one-off — once your inbox has been used for fraud, you're a known target. Warning contacts on a different channel and adding a phishing-resistant 2FA method are the long-term protection.

    Why a hardware key matters here

    BEC almost always starts with phishing or session-token theft. A hardware key or passkey defeats both — even if they get the password, they can't log in.

    More from Communications Security

    No image

    Confirm the inbox is actively compromised

    Pin down which account, who's been emailed, and which sessions are unfamiliar.
    No image

    Make the next phishing email harmless

    Use a password manager, hardware key and email aliases so a single phish can't cascade.
    No image

    Use specialised victim resources

    Sextortion has dedicated services — they're free, confidential and fast.