PEXA has been made aware of a sophisticated phishing incident targeting an Australian conveyancer. In this instance, an email was sent to a client of a practitioner purporting to be from the practitioner. The sender of the email had established a similar email address to that of the practitioner, and subsequently telephoned the client to advise of a change to bank details.
PEXA reminds all members of the importance of having processes in place to obtain or share account details with clients, and to confirm those by a secondary means. We have previously posted about this here.
PEXA also recommends members implement multi-factor authentication for email accounts that are used for business purposes to reduce the risk of compromise.
Members are also encouraged to consider using PEXA Key to securely communicate and receive bank account details with their clients.