The PEXA Security Team have recently detected a number of fake PEXA domains being used online. In basic terms, a domain is the “address” used to locate a website online. For example, PEXA’s website domain is pexa.com.au.
The fraudulent domains are currently being removed; however we encourage members to remain vigilant at this time, as these may be used by cyber-criminals to coordinate phishing campaigns.
Please ensure you only log in via the verified PEXA Exchange URL – workspaces.pexa.com.au. As always, you can verify legitimate websites by checking for the "padlock" next to the address bar. A reminder that after entering your username and password, you will be required to complete MFA via the PingID app or SMS.
Additionally, please note that PEXA will never:
Call you from unverified phone numbers.
Ask for your multi-factor authentication code.
Request files or information from you via a third-party service.
Email you from unofficial addresses (emails that don’t end in @pexa.com.au).
Send you an email advising you to click a link to log in to the platform.
If you believe you have clicked on a malicious link or downloaded a suspicious attachment, please reach out to us at email@example.com and we'll be happy to assist you.