I’d like to advise members of an email phishing scam targeting PEXA Exchange users. In this instance, an email was sent to a practitioner, purporting to be from PEXA via WeTransfer, asking the recipient to open/download files.
Malicious emails being sent via WeTransfer is an ongoing cyber-threat affecting Australian organisations. Please note PEXA does not use WeTransfer for any email correspondence or service.
What to do
If you receive an email appearing to be sent from PEXA via WeTransfer, do not click any links and delete immediately.
As always, if you receive a similar phishing email or another communication you believe to be suspicious, please:
Do not respond
Do not click links or download attachments
Delete the e-mail
Report it to your relevant security administrator or e-mail PEXA’s security team at firstname.lastname@example.org.
PEXA will never send you an email advising you to click a link to access the PEXA Exchange, and will always direct you to login to access your account via pexa.com.au.