Published on Sep 30, 2019

Feel free to share

Many people don’t realise why emails have a bcc field. Most email platforms have a function called blind carbon copy (bcc), which means that you can send an email out to a large group of people without sharing their email addresses amongst the recipients. But why is this important?

Sharing email addresses to a wide group of people can lead to an easy data breach in your business. The email addresses can be used by spammers and scammers, for identity theft or other cybercrimes.



For example, one of the simplest and most widespread ways companies are scammed is by receiving an emailed invoice from one of their suppliers which includes a change of bank details for a payment. Except it may not be legitimate. If you receive one of these pick up the phone and check, and don’t use the phone number on the potentially fake invoice or you might be talking to the scammer.

For some people, having a database of email addresses fall into their laps can enable them to use it for a range of purposes, or just sell it on to other people, again for a range of uses.

If you’re lucky you and your database may just end up with an increase in their email spam traffic. If you’re less lucky, you or they may end up poorer or worse. Either way they won’t be happy if they find out you caused it.

How to turn bcc on if it isn’t already

In many email platforms having the bcc function on may not be the default setting, you may need to look for it. Usually it’s under the options tab. Once you find it keep it on so that it prompts you and your staff to remember to use it.


When shouldn’t you use bcc?

Don’t use it if you’re sending out an email and you want to bcc someone else in as a FYI. This is considered sneaky and could backfire on you. If the bcc person accidently hits the reply all, suddenly your original correspondent will get a reply from someone they didn’t know was in on the conversation, and they may not be happy about the subterfuge. It’s the email equivalent of listening at the door or recording someone without their knowledge. Not a good look.


The bottom line

Just remember, one case of human error can lead to a major data breach. Make sure you have a company policy about this and train your staff. And make sure you leave bcc on as the default setting.


If you think you’ve had your privacy hacked, contact the Australian Cybercrime Online Reporting Network (ACORN).