Hi Community,
PEXA has been alerted to an incident whereby an unknown party gained unauthorised access to a practitioner's email account where a change in password email, that was sent from the PEXA platform to the Subscriber, allowed this person to access the Subscriber's PEXA account. As a result, the destination account details in the settlement schedule were fraudulently changed. We want to assure you that the PEXA platform was not compromised. A practitioner's email account was compromised.
This in isolation isn't enough for a fraudulent payment to occur. Any payment instruction requires you to digitally sign (or re-sign) the financial settlement schedule confirming the account details that you have entered, allowing settlement to proceed. Please be conscious of checking the settlement schedule immediately prior to signing to ensure that the information you are signing off on is correct.
We are working closely with all parties, including the relevant authorities to assist in every possible way.
While attempts of this nature are not specific to e-Conveyancing, PEXA urges all practitioners to take steps to reduce the risk of fraud. This includes, among others, verbally confirming bank account details with clients, not using free public Wi-Fi and keeping security patches up to date.
The PEXA security team is currently undertaking detailed monitoring of all Workspace activity, checking for any similar scenarios where passwords have been re-set in close succession among a number of other things, which may be considered ‘unusual’ behaviour.
If we find any Workspaces or accounts that fall into this category, we will immediately call you to double check if you undertook the activity in question. PEXA is also in the process of adding additional security measures. We will continue to keep you updated.
The Law Institute of Victoria offers a practical guide covering cyber security which we would encourage you to read. In addition, The Queensland Law Society has also published a warning in relation to email scams.
PEXA will continue to provide its members with the latest in cyber security awareness tools and tips via our seminars, newsletters and bespoke security page on the PEXA website.
If you would like guidance on how to stay safe online, please visit the Online Security Group on the Community or the security page on our website. We also have an FAQ page.
Kind regards,
James Ruddock
Acting CEO, PEXA