Former PEXArian

From the Law Society of NSW


"In one instance the criminal has hacked into one of the party’s computers and has been monitoring the emails between the solicitor and the other party. The other party sent its final instructions as to the bank account details where the payment of $250,000 was to go to by attaching a PDF of the instructions to the email. However, the hacker amended the PDF with their own bank account details and stated this was the account where the funds were to go. Accordingly, the solicitor referred instructions to PEXA to pay the $250,000 to the wrong bank account. The payment of the $250,000 was paid to the wrong bank account. Luckily, the other party was eagerly awaiting the funds and contacted the solicitor immediately and the bank was notified, and the funds were saved."


To be clear, this wasn't a breach of the PEXA platform - the user's computer and/or email client were compromised and the false bank details were entered into PEXA by the user who received the email with the amended PDF.


In order to protect yourself in similar circumstances, a great tip is to, as a matter of course, telephone the other party (using the telephone details on file) in every transaction where new bank account details are given, to confirm those new bank details with the client prior to the transfer.

Re: Email Fraud - Real scenario involving a PEXA transaction

This is a great example of why we need to take Cyber Security as a matter of utmost importance. No matter whether you are a big or small organization, you need to have a defined plan to manage and mitigate your internet connected devices and assets. Ask yourselves today “Have you thought about Cyber Security in advance?”