Hi Community,

We received a report on 26 July 2022 of a scammer fraudulently posing as one of our PEXA members.

In this instance, the cyber-criminal was conducting a “phishing” attempt on the member’s client, trying to deceive them into providing their bank account details. The cyber-criminal used the firm’s email address, with an additional character added, in an attempt to fleece the victim.

Phishing refers to any fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.

Phishing can be conducted via email, text message, phone call and other digital means.

Additionally, a typical payment redirection scam involves scammers impersonating a business or its employees via email or other channels and requesting an upcoming payment be redirected to a fraudulent account. This is commonly referred to as Business Email Compromise (BEC).

To protect against scams such as this, we highly recommend you make use of PEXA Key. This free app has been specifically built for industry to eliminate the risk of email phishing and enables your clients to provide their bank account details to their legal representative safely. All data is encrypted and automatically transferred into the PEXA platform, mitigating any risk of interception.

Additionally, once account details have been entered via PEXA Key, they cannot be altered in the workspace – further protecting against scams such as this.

If you suspect you’ve been targeted by a phishing attack or scam, it’s important to inform your relevant security contacts immediately. Acting fast ensures the best chance of recovery.

There’s no need to fear speaking up – we’re all human, honest mistakes can happen and we’re here to help.

David Willett

PEXA Chief Information Security Officer