A local business loses $280,000 to an email hacker. Why 2FA is important.

transport truck

Its true. One of our own clients lost up to $280 thousand dollars to a malicious third-party hacking into their emails. They were able to access passwords found in their emails, log into their invoicing software and pay fraudulent invoices to themselves. How did they hack into their emails? Simple, they found out their email address password and just logged in.

Its scary to think that it could be so simple for someone to get into your emails and use that information to steal hundreds of thousands of dollars. However, keep in mind if you use correct IT procedures and have knowledge about your IT failing, you can be a much less enticing and a much more difficult target. No IT system is ever 100% secure, but your IT system can be secure enough to hopefully prevent attacks all together.

So, how did the hacker manage to gain access to our client’s email password in the first place? It’s likely the result of a technique known as phishing, where fraudulent emails or websites are used to trick unsuspecting users into revealing their login credentials. Sometimes, all it takes is one misplaced click or an overlooked detail to fall victim to these sophisticated cyber traps. Learn more about phishing from our previous article about phishing.

This incident also reveals a crucial lesson: never share your passwords via email. Emails are not encrypted and are always visible in plain text. Even if the hacker didn’t have the password, if they managed to intercept the emails, they could still be able to read your emails through other attacks. Although it may seem convenient, especially when dealing with multiple accounts or collaborating with team members, sending passwords in an email is akin to leaving your house keys under the doormat. Once a hacker gains access to your email, they potentially have access to all your online accounts.

Why is this so? An email account often serves as a recovery point for most online accounts. If a hacker gains access to your email, they can trigger password resets on your other accounts and intercept the recovery emails, effectively locking you out and taking control. It’s a digital domino effect of disastrous proportions.

This brings us to the vital importance of Two-Factor Authentication (2FA).

2FA provides an extra layer of security by requiring two forms of identification before granting access. Typically, the first form is something you know (your password), and the second form is something you have (like your mobile device) or something you are (like your fingerprint). This means that even if a hacker manages to compromise your password, they would still need the second authentication factor to access your account.

Many popular email services, including Gmail, Outlook, and Yahoo, offer 2FA. Here’s a simplified guide on how to enable it:


Go to your Google Account.

Under “Security,” select “2-Step Verification.”

Click “Get started.”

Follow the prompts to set up your verification method.


Go to your Microsoft account security page. This requires new versions of outlook that use Microsoft Accounts.

Under “Two-step verification,” click “Set up two-step verification.”

Follow the prompts to set up your verification method.


Go to your Account security page.

Click “Two-step verification.”

Enter your mobile number.

Click “Send SMS” or “Call me” to get a verification code.

Enter the code and activate 2FA.

In a digital world where cyber threats are ever-present and ever-evolving, adopting proactive measures like avoiding the sharing of passwords via email and enabling 2FA is crucial. It’s not just about protecting your business’s financial assets—it’s about safeguarding your reputation, your customer relationships, and your peace of mind.

However, remember that no security measure is infallible. Continue educating yourself and your team about the latest cyber threats and mitigation strategies. There are other IT practises such as “Need to know” access policy, Zero Trust Architecture, Vulnerability assessments and much more. A cybersecure business is not a destination, but a journey, and with each step, you make your business a harder target for those with malicious intent.

Need more help or information?

Click the link below to contact us at Plus 1.

Open Hours

Monday to Friday
8:00am to 5:00pm

Closed Public Holidays


If you need to get us documents quickly, access remote support, or the MYOB Portal click the button above.

Contact Us

27 Welsford Street
Shepparton, VIC 3630

T: (03) 5833 3000
F: (03) 5831 2988
Email Us