The perils of using email to exchange sensitive information By David Willett, Chief Information Security Officer, PEXA
In early September, I came across an article in the Sydney Morning Herald titled “Sydney couple buying property scammed out of almost $1 million”. This cautionary tale outlined that during the final stages of the settlement process, all that was left to do was transfer approximately $1 million to their lawyer’s trust account to finalise the sale. A day before the transfer, the couple allegedly received what appeared to be a legitimate email from their lawyer asking them to deposit the funds into a different account. As the story points out, it is alleged that scammers were impersonating the couple’s lawyer – a scam known as a business email compromise (BEC) scam. BECs were the subject of a recent alert sent out by the Australian Cyber Security Centre (ACSC), noting the current prevalence of these scams, with lawyers and conveyancers, as well as homebuyers and sellers, being targeted by cyber-criminals. The ACSC noted: “Cybercriminals are 14
targeting all parties involved in the real estate sector, with a particular focus on impersonating conveyancing lawyers and communicating with their clients.” Scammers are clever and deliberate, setting out to trick people into transferring funds or disclosing sensitive information. Cyber-criminals prey on our trusting nature. It’s what they do – it’s their profession. But what we all need to remember is that email is not a safe channel for the communication of sensitive information. When dealing in our digital world, my advice is to always remain vigilant and always verify, and this is especially the case for parties to a property settlement transaction. Protecting yourself, your business and your clients against BEC scams is vital and we strongly recommend the use of PEXA Key as a secure method for practitioners and homebuyers or sellers to share financial account details, mitigating the risks associated with email. PEXA Key uses encryption to safeguard the communication of account details. This ensures confidential information, like bank and trust account details, cannot
