From the Law Society of NSW
on 12-02-2018 02:51 PM - last edited on 25-06-2018 08:53 AM by AnnaHardie
From The Law Society - NSW
"In one instance the criminal has hacked into one of the party’s computers and has been monitoring the emails between the solicitor and the other party. The other party sent its final instructions as to the bank account details where the payment of $250,000 was to go to by attaching a PDF of the instructions to the email. However, the hacker amended the PDF with their own bank account details and stated this was the account where the funds were to go. Accordingly, the solicitor referred instructions to PEXA to pay the $250,000 to the wrong bank account. The payment of the $250,000 was paid to the wrong bank account. Luckily, the other party was eagerly awaiting the funds and contacted the solicitor immediately and the bank was notified, and the funds were saved."
To be clear, this wasn't a breach of the PEXA platform - the user's computer and or email client were compromised and the false bank details were entered into PEXA by the user who received the email with the amended PDF.
In order to protect yourself in similar circumstances, a great tip is to, as a matter of course, telephone the other party (using the telephone details on file) in every transaction where new bank account details are given, to confirm those new bank details with the client prior to the transfer.