Community home
Menu
  • PEXA Certified Expand

    PEXA Certified

    This program will give you an introduction to PEXA, how it works and how it can help you transform your business processes.

    Discover More
    • Getting Business Ready
    • System Set Up
    • Transacting in PEXA
  • Help Centre Expand

    Help Centre

    Here you’ll find more than 230 help articles and videos to assist you.

    Discover More
    • Help Articles
    • Help Videos/PEXA TV
    • PEXA Interactive Demos
    • FAQs
    • Ask a Question
    • PEXA Certified
  • Ask a Question
  • Share your Experience
  • Raise an Idea
  • Blogs Expand

    Read the latest in our blogs.

    Keep up to date with the latest PEXA product releases, and read up on the property blog.

    Discover more
    • Community Blog
    • The Property Blog
    • Security Updates
    • PEXA Product Releases
    • Announcements | Outages etc
    • The Bank Blog
    • Workspaces
      Community
      Register
      Log in
    Apps menu
  • Register / Login

Community Home
since ‎17-01-2018
IndikaWimalasiri
IndikaWimalasiri Star Employee
Star Employee
Register / Login

About IndikaWimalasiri

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Crowd Pleaser
Showing Appreciation
Scout
Community Columbus
Conversationalist
Community Explorer
Sharing your knowledge
Much Appreciated
Round of Applause
Ice Breaker
Thumbs up
Inquisitive Mind
Conversation Starter
Crowd Sourcer
PEXA Employee Group
View All
Latest Contributions by IndikaWimalasiri
  • Topics IndikaWimalasiri has Participated In
  • Latest Contributions by IndikaWimalasiri

Cybersecurity Christmas Wishlist

by IndikaWimalasiri Star Employee in Security Updates
‎22-12-2021 11:23 AM
1 like
‎22-12-2021 11:23 AM
1 like
As we approach the much needed holiday season (can’t wait) it is important to remember that bad guys don’t take holidays. They bank on our holidays to make their move. This has been one of the most attractive tactics hackers use. (well funded hacking groups do the study on human psychology where when times like this we tend to take things a little bit easy.)   With cyber most important thing to remember is to make sure you do the basics right. This can save the day for you. While there are layers and layers of things you can do to protect yourself and family/friends just doing the basics right will assist without overcomplicating things. So what are these basic? Any guesses…………..????   Passwords, Passwords. It– Long difficult to guess random words with numbers and special characters. (HorseTableYellowebox@741) MFA everywhere. One of the best protections going around. Update – Let’s take time to update your computers/smart devices. These don’t take much time nowadays and are very easy to do. (make sure you have updated your PEXA device to the latest and restarted your Laptop/MacBooks as well as iPhones/iPads) Backups – This will help you to recover from a Ransomware type attack. (All PEXA data should be stored on OneDrive or SharePoint.)   Now you have done that what is next, again basics….   Clicking can be cracking… Think before you click. Phishing emails are looking almost identical to authentic emails you would receive from a service provider or a known party. Wi-Fi – We have to resist the temptation when it comes to connecting to public Wi-Fi points. This is an easy one for hackers to set up rouge Wi-Fi and let people connect to it.   The last step – share this with your family and friends too…As we always say cybersecurity is everyone's responsibility… ... View more
Category:
  • Security

Security Alert | Email Phishing Scams targeting Pr...

by IndikaWimalasiri Star Employee in Security Updates
‎31-08-2021 11:47 AM
1 like
‎31-08-2021 11:47 AM
1 like
  Dear Subscribers, The Australian Cyber Security Centre (ACSC) has published an  alert to the industry , noting it has observed a growing trend of cybercriminals targeting the property and real estate sector to conduct business email compromise (BEC) scams.   Typically, cybercriminals will impersonate parties to a property transaction (such as real estate agents or conveyancers) and insert illegitimate bank details for settlement or rental payments. Victims assume this request is legitimate and will unknowingly send ­payment to the cybercriminal’s bank account.      What do these emails look like?   These fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names that are similar to legitimate companies (typically by swapping letters or adding additional characters).      They might also create email addresses with Gmail, Yahoo or Outlook that use the legitimate business name. At a quick glance, an email address may look legitimate when it is actually being operated by a cybercriminal.     Cybercriminals are targeting all parties involved in the real estate sector, with a particular focus on impersonating conveyancing lawyers and communicating with their clients. Cybercriminals are also singling out mortgage lenders in order to intercept property settlements.   Below is an example of a  fraudulent  email received by a PEXA member.       Best practice   When communicating via email, please ensure to take the time to review the legitimacy of the communication – and if you’re unsure, please contact PEXA Security.   However, the use of email is strongly discouraged for exchanging bank account details – this is NOT a safe channel for the communication of sensitive information.   Instructing your client to provide their bank account details via email directly places you and your firm at significant risk of a cyber-attack.   Subscribers are urged to verbally confirm bank account details with clients before entering them into the PEXA workspace.     Support for you   We highly recommend you make use of PEXA Key. This free app has been specifically built for the industry to eliminate the risk of email phishing and enables clients to provide their bank account details to their legal representatives safely.     If you believe you have clicked on a malicious link or downloaded a suspicious attachment, please reach out to us at  security@pexa.com.au  and we'll be happy to assist you.     Thank you. Indika Wimalasiri Senior Information Security Manager - PEXA ------------------------------------------------------------------------------------------------------ Please note that PEXA will never:   Call you from unverified phone numbers. Ask for your multi-factor authentication code. Request files or information from you via a third-party service. Email you from unofficial addresses (emails that don’t end in @pexa.com.au). Send you an email advising you to click a link to log in to the platform. ... View more
Category:
  • security advisory

Phone and email scammers impersonating the Austral...

by IndikaWimalasiri Star Employee in Security Updates
‎07-01-2021 11:36 AM
2 Likes
‎07-01-2021 11:36 AM
2 Likes
Dear Members,   We have been notified scammers are purporting to be from the Australian Cyber Security Centre (ACSC) are calling and emailing the Australian public attempting to trick them into installing malicious software on your computer devices. ACSC is attached to the Australian Government Cyber Security Division. ACSC does not approach the Australian public for such activities hence any calls, emails, or text messages pretending to be coming from ACSC requesting to click on links should not be actioned. The recommendation is to delete them immediately and notify ACSC on  1300 292 371 (1330 CYBER)     More on this can be found out on the ACSC website or through the URL below.   https://www.cyber.gov.au/acsc/view-all-content/alerts/phone-and-email-scammers-impersonating-acsc   As always verify the source before actioning on any information received via digital channels to make sure you are getting it from a verified reputed entity.   Thank you.   PEXA Security Team. ... View more
Category:
  • security advisory

Security Alert | Fraudulent calls related to PEXA ...

by IndikaWimalasiri Star Employee in Security Updates
‎21-09-2020 03:05 PM
3 Likes
‎21-09-2020 03:05 PM
3 Likes
Dear members,   PEXA would like to advise that we have reported instances of malicious parties, purporting to be from PEXA, reaching out to members and their clients via telephone.   In these cases, the caller requests that the member and/or client “opt in” for financial services related to PEXA Key. Please note that PEXA does not have any such opt in or opt out functionality built into PEXA Key. PEXA Key provides three core services:               A secure channel for communicating bank account details Notifications providing your clients with a countdown to their property settlement Settlement tracking and ‘what to expect’ information   Any requests for account details are securely completed within the app or actioned by the practitioner within the PEXA Exchange.   Additionally, PEXA does not use or authorise any third party to contact members or their clients regarding PEXA Key or any other PEXA service.   Legitimate communications from our team will be delivered from email addresses ending in “@pexa.com.au” or via our PEXA Support Centre: 1300 084 515.   As always, do not act on any unknown phone calls, emails, text messages. If you are unsure of the caller ID, hang up and redial the number. Further, do not click on links or open attachments in any email unless you are sure of the sender’s authenticity.   If you encounter suspicious activity, email PEXA’s security team at security@pexa.com.au and we’ll kindly assist.   Thank you. PEXA Security. ... View more
Category:
  • Security

Reduce your cyber-security risk significantly by i...

by IndikaWimalasiri Star Employee in Security Updates
‎03-09-2020 10:13 AM
‎03-09-2020 10:13 AM
Reduce your cyber-security risk significantly by implementing these simple steps     2020 has been one we never thought it would be. The ongoing global COVID-19 pandemic is forcing us to change our ways of work. Today’s technology provides great flexibility, enabling us to work from anywhere, with many of us presently using our homes as our primary places of work. Let’s refer to this as “remote working”.   Remote working has been part of our lives for some time, but never previously in the capacity it is today. There are reports that people are spending more time on work than they were doing pre-COVID in the office. Employees tend to use multiple devices to get work done while managing other personal aspects of their daily lives during these times. As we increase our use of mobile devices to continue to work and connect, there’s never been a more important time to be diligent in securing our devices. With the convenience of remote working comes the challenge of protecting against parties with malicious intentions to steal your information or cause damage to your professional/personal lives.   The Australian Cyber Security Centre (ACSC) is the Government agency that provides guidance to the Australian public on cyber-security and increases awareness of cyber related matters. PEXA is a proud partner of the ACSC.   There’s lots of information in the public domain covering the what and why of cyber-security but not so much clarity on the how. To address this, the ACSC has put together some very simple, but very important step by step guides on 12 cyber security controls to immediately assist with reducing the cyber-security risk to you and your organisation. These are explained in an easy-to-understand format – focusing on actions such as updating your devices across multiple device/operating system types to backing up your data and enabling two-factor authentication on your applications.   Please use the safe link below to access this information and also take the time to share it with your family and friends. Together we can create a cyber-safe environment for everyone.   https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides   Here are some key recommendations for you to stay secure:   Keep your devices/apps up to date at all times Keep a backup of your data (it is very easy to backup data now with cloud storage services) Be aware of the website and the apps you use. Delete the apps you no longer use or require Remain vigilant on emails asking to take your actions and seeing a level of urgency (do not solely rely on the email appears on the email as they can be easily spoofed) Be aware of the ongoing scams so you know when something is not right (Scam Watch has a great list of ongoing scams in Australia and regularly updated) Do not use the same password across all your apps/services – use a password manager Use websites like HaveIbeenPwned to check your email addresses are part of the previous breaches periodically   Join the discussion on the PEXA Community below and follow us on social media for more tips and articles like this.   PEXA Security Team ... View more
Category:
  • security awareness

File Sharing Email Scam - Multi Factor Authenticat...

by IndikaWimalasiri Star Employee in Raise a Security Concern
‎28-02-2020 04:12 PM
1 like
‎28-02-2020 04:12 PM
1 like
Dear Members,   Legal Practitioners Liability Committee (LPLC) recently published an article about an ongoing fraudulent document sharing email circulating among the legal community. They are essentially looking to steal your credentials to login to your email  accounts by tricking you to click on a link. Highly recommend you are taking time to read the publication to increase your awareness and your staff on this matter.   This is a great reminder to implement two factor authentication on your email accounts (for that matter on all the online services you use where 2 factor authentication is offered) which will significantly reduce the risk of falling in to this type of scams.   Access to the LPLC article below or browsing to the LPC website.   FILE SHARING EMAIL SCAM – MULTI-FACTOR AUTHENTICATION WILL HELP PROTECT YOU    Few quick actions you can take to increase your cybersecurity awareness,   1.Take time to assess your online presence and enable two factor authentication on applications 2. Share the LPLC article with your staff and your colleagues in the industry to increase the awareness 3. Print the PDF in the article and leave them where everyone can see them. Example - on a common wall. 4.Generate and build a cyber risk aware culture by creating space for your staff to learn and stay safe about cyber risks and threats.   Thank you ... View more
  • Tags:
  • security
Category:
  • Security

Phishing Email Notification

by IndikaWimalasiri Star Employee in Raise a Security Concern
‎14-02-2020 01:23 PM
1 like
‎14-02-2020 01:23 PM
1 like
Dear members,   We are aware of an email phishing attempt targeting PEXA members, asking about the "PEXA Residential Seller Guarantee". Please be vigilant for similar emails and take time to validate before taking any action within emails. I have attached a sample email a member received on 12 February 2020 for your reference.   If you come across any or similar email notifications, please don't click on any links, inform your PDS/PEXA Partner and forward it to security@pexa.com.au.   ---------------------------------- Phishing email capture below   End of image. ----------------------------------   Thank you.   PEXA Security Team ... View more
  • Tags:
  • Never Trust a Link
  • Security awareness
Category:
  • security awareness

Re: Microsoft Internet Explorer Critical Zero Day ...

by IndikaWimalasiri Star Employee in Security Updates
‎14-02-2020 01:13 PM
‎14-02-2020 01:13 PM
Microsoft has now released required updates to this vulnerability. All applicable systems should proceed to patch to address the threat. ... View more

Microsoft Internet Explorer Critical Zero Day Vuln...

by IndikaWimalasiri Star Employee in Security Updates
‎21-01-2020 09:39 AM
3 Likes
‎21-01-2020 09:39 AM
3 Likes
  This advisory applies to   Microsoft Internet Explorer   Web Browser       What is the new software vulnerability? PEXA Security is aware of a Microsoft Windows Internet Explorer zero day vulnerability which is being attacked by malicious actors and other cyber criminals over the internet. You can be a target of this attack by clicking on a link or opening an attachment sent you by an unknown party or malicious actor. More information on this can be found on the links below   How do I address/mitigate the vulnerability? Currently there is no patch available from Microsoft for this vulnerability. However, they have provided a workaround to protect users from being a target of this attack.   Important - Given the use of malicious websites as part of the vulnerability’s exploitation routine, individual users are encouraged to practice caution when it comes to clicking links, especially those embedded in a suspicious email message.   Do I need to take any action? Reach out to your IT support service team or your regular System Maintenance team about this vulnerability. They may already be aware of this and it would be important to check with them and follow the instructions given.   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001 https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html   Thank you. PEXA Security ... View more
  • Tags:
  • Security Advisory
Category:
  • Security

Security Advisory – Citrix Zero Day Vulnerability ...

by IndikaWimalasiri Star Employee in Security Updates
‎14-01-2020 02:38 PM
‎14-01-2020 02:38 PM
  We are aware of a critical zero day vulnerability discovered in the Citrix application.  This vulnerability is still without any permanent fixes and patch is yet to be released by the Citrix vendor.   If you are using Citrix applications (example - for digital signing certificate) described in the article below there is a potential you may be vulnerable.  Your IT team/ support services may already be aware of this and it would be important to check with them and follow the instructions. We recommend you consider implementing the mitigation strategies explained in the advisories below.   https://www.citrix.com/blogs/2020/01/11/citrix-provides-update-on-citrix-adc-citrix-gateway-vulnerability/   https://support.citrix.com/article/CTX267027   https://support.citrix.com/article/CTX267679   Thank you PEXA Security Team ... View more
  • Tags:
  • Security Advisory
Category:
  • Security

Security Advisory - Critical Vulnerability Alert

by IndikaWimalasiri Star Employee in Security Updates
‎14-01-2020 12:13 PM
‎14-01-2020 12:13 PM
  Dear PEXA Community,   This advisory applies to Firefox Web Browser installed on all device types.   What is the new software vulnerability?   New critical vulnerability in the Firefox web browser has been discovered by security researches which is currently being attacked by malicious parties and criminal groups. Attackers could use this vulnerability to gain access to your devices by exploiting the way Firefox browser works on your devices.   Do I need to take any action? Yes. Firefox vendor has released an emergency security update which addresses the vulnerability and has advised everyone who uses Firefox to immediately update to the latest version.   How do I update my Firefox Web Browser? PEXA Security always advise to keep your software, including web browsers, up to date. Please follow the steps below to update your browser,     Open your Firefox Web Browser and Click on the “Menu” and then Click on the “Help"  (As indicated in red colour on the screen capture below)                 2. Click on the “About Firefox”. This will start the update automatically            3.  Make sure version it displays is as same as below highlighted in red text box     PEXA Security recommends members enable automatic updates to make sure in the future, new browser updates are done automatically.     Go to the top right-hand corner “Menu” and click on “Options” from the dropdown menu             2.  Scroll down to the section “Firefox Updates” and tick the “Automatically install updates” check box. This will install updates automatically without any manual intervention in the future.     Thank you. PEXA Security ... View more
  • Tags:
  • Security Advisory
Category:
  • Security

Reduce your risk of falling victim to cyber attack...

by IndikaWimalasiri Star Employee in Raise a Security Concern
‎13-12-2019 09:27 AM
2 Likes
‎13-12-2019 09:27 AM
2 Likes
Staying safe online has never been more important for individuals and business’ worldwide. In 2018 alone, Australian businesses lost more than $60 million to e-mail scams. It is also estimated that by the end of 2019, cyber-scam losses will exceed $532 million, surpassing half a billion dollars for the first time.    Understandably, it can be difficult to know where to begin to ensure you’re taking the appropriate steps to avoid falling victim to cybercrime. First, it’s important to get the basics right. Below is a checklist of 12 initial steps that you and your business can take to boost your safety while online.     Anti-Virus — As your first line of defence, ensure you have antivirus protection on all of your devices, including mobile devices.   Two Factor Authentication(2FA)    for e-mail  — Most email providers, such as Google and Hotmail, provide 2FA to protect user accounts. This significantly reduces the threat of intrusion by a hacker if your password is compromised, as your account is secured by an additional layer of protection (the passcode that you receive through SMS or the mobile app).   PEXA members must use Multi-factor authentication (MFA)  to access the platform, providing an extra layer of security when logging into your account.    (Note: It is recommended to use an app-based security PIN generator for 2FA, such as Google Authenticator, rather than SMS).  Phishing  — E-mail phishing is the number one avenue used in cybercrime. The typical phishing email will contain a false and/or mimicked story designed to lure you into taking an action such as clicking a link or button in the email or calling a phone number. Learn how to identify a phishing e-mail with the help of this  interactive tool .   Password  — Do not use the same  passwords  on multiple systems. If your password is compromised, then hackers can access all of your other services as well. Use a password manager to maintain your varying passwords or pin codes.   Additionally, instead of passwords, use passphrases. Passphrases can be a minimum of three words combined that are easy to remember with numbers and special characters e.g. UniverseAthletic4!  Use host-based firewalls  — Both Windows and Apple OS offer firewall capability. These are not difficult to set up and easy to follow help videos are easily found online.  Update operating systems and applications  — Operating systems (OS) and application vendors frequently release security updates to address vulnerabilities. We highly recommend you have automatic updates enabled so it all happens in the background without waiting for your intervention.  Review applications  — Spend 5-10 minutes inspecting your system and applications. If there are unwanted applications in your program list, uninstall them. This is because third party apps can contain vulnerabilities that hackers may then exploit.  Email Rules  — Email providers offer the capability to create  rules.  If your email is compromised, there is a possibility that the hacker created rules in your email system to forward mail to a hacker managed email account without you knowing it. Go in to the e-mail rules section of your account and make sure that only the rules you’ve created are present. We recommend you complete this action at least once per month.  If you find that there are rules you have not created, delete these rules before immediately changing your password. Back-up  —   Backing up all of your data  is paramount. Ensure your back up solution is on a separate device and is accessible if you cannot or are denied access to your files’ original location. Removable Storage  — Do you use removable media such as USB drives? If yes, we recommend using a Cloud file storage instead, as removable media is easily corrupted or infected with malware.  Browser Security  — There are a few important tips to remember here, including:  a. Do not save password/passphrases on browsers b. Frequently update your web browsers  c. Lookout for duplicate or unsecure web pages  Social Media and App Privacy/Security settings  – Do you use your social media,  such as Facebook, to access third party services? If so, we highly recommend  you review the privacy settings on your social media apps to determine what it has access to. Again, 2FA is your friend here. Other privacy tips include:            a. Check settings to ensure you're not providing unnecessary access to your information to apps you've installed.           b. Switch off Bluetooth when it’s not being used.            c. Do not connect to Free Wi-Fi access points no matter how secure it claims to be. If you have no option, then use a VPN service to secure your communications.           d. Don’t let others including family members, use your device without your supervision. They may unknowingly click on links and pop-ups which will expose your device to the hackers. Where possible use parental controls.    Finally, maintain your cyber security awareness. A great place to refer to is the Australian governments’ Staysmartonline resource and, of course, PEXA’s dedicated security page on the e-Conveyancing Community.      Indika Wimalasiri   ... View more
  • Tags:
  • cyber attacks
Category:
  • Security

Security Advisory - Vulnerability Alert - "Bluekee...

by IndikaWimalasiri Star Employee in Security Updates
‎14-08-2019 09:51 AM
‎14-08-2019 09:51 AM
  The threat of cyber-attacks are real but there is something you can do about it.      The Australian Government’s Cyber Security Center has released a critical security advisory to individuals and business organizations using older versions of Microsoft Windows operating systems (Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008) to apply security update/upgrade to newer operating system version to avoid being compromised for the vulnerability named as “Bluekeep”.   What is Bluekeep ? Bluekeep is a vulnerability in the Windows operating system’s Remote Desktop Protocol (RDP – service use to connect to another computer/network remotely) which allows an attacker to execute commands to compromise your computer. BlueKeep exploit has the potential to spread in a virus fashion and self-replicate without requiring any user interaction.   An unpatched system gives criminals a front door to break into your computer or network and steal your corporate and customer information. The threat of cyber-attacks are real but there is something you can do about it.   How to protect my systems? It is critical that organisations and individuals operating older versions of Windows systems  immediately install Windows BlueKeep vulnerability patch , available at Microsoft website.   Recommendations   Identify the Computer Systems operating older version of Windows Operating Systems. ( Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008 operating systems) Confirm you have backup of data available if needed. Apply the updates through Windows Update or manually by downloading it from Microsoft website. Reach out to your IT service support team and ask them to address the Bluekeep if not already.   Mitigation activities until patch is applied.   Practice due diligence and be alerted around what happens in your computer. If any unusual activities observed, engage your IT personnel to look in to it. Avoid using Remote Desktop Services from internet. (If needed use it only over a Virtual Private Network and with multi-factor authentication.) Always keep operating systems and application up to date. Backup your data to a secure location. (Cloud storage/offsite volume)   More Info - https://www.cyber.gov.au/news/update-acsc-confirms-potential-exploitation-bluekeep-vulnerability ... View more
  • Tags:
  • security
  • WinBlows

Phishing.. Is it only emails?

by IndikaWimalasiri Star Employee in Security Updates
‎24-07-2019 03:14 PM
1 like
‎24-07-2019 03:14 PM
1 like
What is phishing and different variants attached to it?   An email appears to come from a someone you trust, such as your bank, online store, credit card company or a popular website. At first it all appears normal, but it will try to trick you in to giving away sensitive information, installing malware on your device or open an attachment while indicating an urgency.   Phishing is one of the easiest and very successful avenue for hackers to gain access to your organization's information. Security researchers say more than 90% of the data breaches worldwide are started with a phishing email. For us to defend against this malicious attack type we need to be able to identify the threat as there are multiple variants of methods used by hackers.           Key indicators of a phishing email. What to look for? Article below showcase what you need to look for in an email to make sure it is not part of a phishing campaign. This will help to increase your awareness both in and out of work place.     Thank you.   - Indika Wimalasiri -       ... View more
  • Tags:
  • security
Category:
  • Security

Cyber-Criminals, the Modern-Day Con Artists

by IndikaWimalasiri Star Employee in Security Updates
‎27-06-2019 12:09 PM
3 Likes
‎27-06-2019 12:09 PM
3 Likes
Con artists have been constant figures throughout our society’s evolution. From ‘short-cons’, like the Three-Card Monte to ‘long-cons’, when Victor Lustig sold the Eiffel Tower as scrap metal back in 1925. They use their smarts and charisma to gain the trust of unexpectant victims, all for financial gain. Over the past 20-30 years, the world has evolved dramatically, with advances in technology taking precedence. This has given rise to the modern-day con artist; hackers or cyber-criminals. Since the emergence of e-mail, it has been one of the most prominent and successful mediums for fraud world-wide, including the conveyancing industry; as an entry way to more elaborate scams. For us, the every-day person, employee or business owner, it is essential that we are aware of the real risks of cyber-crime. The following scenario is one example of a hacker at large, trying to ‘con’ their way into the conveyancing industry with a duplicate website.   The Hacker Elliot has been dabbling in cyber-crime for some time. It’s quite a lucrative career – if you know what you’re doing – which he and his team do. He is involved in penetrating computer systems, collecting passwords and then selling them to other cyber-criminals for profit.  However, this time, Elliott decided to do something more elaborate than simply selling these credentials.   “One of these usernames and passwords has landed me a gold-mine. I noticed a few ‘PEXA’ e-mails in this person’s inbox. I did my research and figured it could be a big win for the team. The username and password I have doesn’t match his PEXA account, but I have another way in. The team and I set about duplicating the PEXA login page. In the end it looked almost identical to the original and we placed it on a hosting service based in Belize. Next step, we sent the link via a duplicate PEXA e-mail and waited for our victim, Barry, to enter his details into the fake website. Once we capture his credentials, we’ll have easy access to his account, and his client’s money! The Victim Barry’s firm keeps its staff up-to-date with the latest cyber-security trends. They complete security awareness training to maintain the firm's security posture and the integrity of its service. Barry considers himself to be security-savvy, so he had no worries that morning when he opened his inbox.   “I scrolled through my e-mails and noticed a PEXA workspace notification which I opened straight away. I have a million-dollar settlement today and want it to go smoothly. I clicked on the link in the e-mail and instantly thought twice about my decision – it’s unusual for any company to send you a link to their login page. However, the PEXA login page looks legitimate. Although, before I progress any further, I’d better ensure the web page is secure… I look up at the address bar to check for a padlock symbol – no joy. Instead there’s a red triangle with a white exclamation mark inside. Next, I check the URL begins with ‘https’. It didn’t - Oh no! I exit the page immediately and sigh a breath of relief that I hadn’t entered my credentials into the page. I’d better let PEXA know, other practitioners might not check the website’s security level…”   The Hacker On the other side of the world, Elliot checks if Barry has fallen for his scam.   “It looks like Barry is more tech-savvy than we expected. He didn’t enter his details into our fake website. But not to worry, we’ve sent it to multiple others in his industry. Someone is bound to fall for it. Hold on. The website has been removed, Barry must have also informed PEXA. **bleep** it, all that time and money wasted…”  Elliot and his team quickly bounce back from their failed website scam and start planning their next con. “We didn’t fool them this time, but wait until they see what else we have up our sleeves…”       To learn more about how to identify duplicate websites, please refer to the article " How to identify duplicate or unsafe websites"   ... View more
  • Tags:
  • capture your login details
  • Faux website
  • security
Category:
  • Web Security

How to identify duplicate or unsafe websites

by IndikaWimalasiri Star Employee in Security Updates
‎27-06-2019 12:02 PM
‎27-06-2019 12:02 PM
It’s important to be aware of how to identify a duplicate or unsafe website. You can easily check the security certificate beside the web address (URL). You’ll see one of the following three symbols.     Tips If a website does not display the first symbol above (padlock), this confirms that it is not secure and everything you do is susceptible to a cyber-attack. We recommend you close the browser without completing any further actions such as inserting your login credentials etc. Check if the address begins with "https” (not "http)". This will be another indicator of a website’s security level. If you see "http", this means that there is no encryption in place, and information you provide on that page is at risk of being seen by unauthorized personnel.   If you’d like more information about website safety or other aspects of cyber security, the Australian Government’s Stay Safe Online website provides practical tips to assist everyone in staying secure while online.    Regards, Indika Wimalasiri (PEXA Security Team) ... View more
  • Tags:
  • security
Category:
  • Web Security

Security Advisory - Vulnerability Alert

by IndikaWimalasiri Star Employee in Security Updates
‎21-06-2019 03:03 PM
‎21-06-2019 03:03 PM
Dear PEXA Community, This advisory applies to Microsoft Outlook App installed on Android devices. New vulnerability in the Microsoft Outlook App for Android has been discovered. Attackers could use this vulnerability to gain access to your emails and phone by inviting you to click on a crafted link. Microsoft has released an update to its Outlook app through the Android Google Play Store. PEXA Security advises its members using Outlook app for emails on Android devices to update the app at your earliest window.   How do I get the update for Outlook for Android? 1. Tap the Google Play icon on your home screen. 2. Swipe in from the left edge of the screen. 3. Tap My apps & games. 4. Tap the Update box next to the Outlook app.   Note - Security always recommends keeping your mobile device OS and Apps up to-date by applying updates as soon as they are available.   PEXA Security Team   ... View more
  • Tags:
  • security
Category:
  • Security

Re: Overseas login to PEXA

by IndikaWimalasiri Star Employee in Raise a Security Concern
‎12-06-2019 11:28 AM
‎12-06-2019 11:28 AM
Happy holidays Emma. Many of our members like you, are settling on PEXA while on holidays around the world. It will be a breeze for you too. If you come across any issues with PEXA please feel free to reach our awesome support center.   Thank you.   Best regards, Indika ... View more

Re: Overseas login to PEXA

by IndikaWimalasiri Star Employee in Raise a Security Concern
‎11-06-2019 09:12 AM
2 Likes
‎11-06-2019 09:12 AM
2 Likes
Hi Emma,   Thanks for reaching out to us. You can happily settle on PEXA while you are on holiday in Bali. We are not aware anyone had issue accessing the RevenueSA website overseas. However, I recommend you contact them on 1800 637 778 to be sure before you catch your flight to sunny Bali.    One other thing I would like to point out is our Member Support Services GM Heather Crichton has written a great handy guide to prepare you before you go overseas and if you are planning work while there. Please check this out.   https://community.pexa.com.au/t5/PEXA-Community-Blog/Working-Outside-the-Office/ba-p/16035#.XP7i_4D3xSQ.mailto   Enjoy your holidays Emma.   Regards, Indika       ... View more

Security Advisory - Vulnerability Alert

by IndikaWimalasiri Star Employee in Security Updates
‎28-03-2019 02:12 PM
3 Likes
‎28-03-2019 02:12 PM
3 Likes
  Dear PEXA Community,   This security vulnerability notice only applies to members using an ASUS branded laptop device.   Security researchers have discovered a critical vulnerability with ASUS laptop computers relating to its “Live Update” software component. Live Update is functionality on ASUS laptop computers that keeps your ASUS laptop software up-to-date .   As a user, you are required to update the “Live Update” software component to Version 3.6.8 or higher at your earliest window to ensure your device is secure.   The article linked below, published by the vendor, outlines the steps you are required follow to make your device secure. To ensure your device is safe please follow the details here.   PEXA recommends you reach out to your IT Support team/provider if you require further assistance in addressing this security issue.   PEXA Security Team ... View more
  • Tags:
  • alert
  • ASUS Live Update
  • secuerity
  • security
  • vulnerability
Category:
  • Security

Re: Overseas login to PEXA

by IndikaWimalasiri Star Employee in Raise a Security Concern
‎27-03-2019 01:43 PM
1 like
‎27-03-2019 01:43 PM
1 like
Hi Claire,   Thanks for reaching out to us.  You can access PEXA platform from China while enjoying your holiday.   Happy holidays Claire ... View more

Re: Overseas login to PEXA

by IndikaWimalasiri Star Employee in Raise a Security Concern
‎08-03-2019 12:44 PM
‎08-03-2019 12:44 PM
PEXA Platform can be accessed from anywhere given you have a stable internet connection.   Members can not load the digital certificate on to a mobile device hence digital signing can not be done on the tablet devices.    ... View more

Security Advisory - Vulnerability Alert

by IndikaWimalasiri Star Employee in Security Updates
‎07-03-2019 02:24 PM
4 Likes
‎07-03-2019 02:24 PM
4 Likes
Dear PEXA Community,   High severity vulnerability has been discovered in the Google Chrome Internet browser. Attackers can use this unpatched vulnerability to steal information from your computer. Google has issued an update to the Chrome Internet browser to address the vulnerability. PEXA Security strongly recommend PEXA members check the version of the Chrome browser used and make sure it is up to date.    Please follow the steps and figure shown below.   Open Chrome browser -> Click on settings -> Help -> Click on “About Google Chrome” Check your version number to make sure it’s 72.0.3626.121 or later.   PEXA Security Team ... View more
  • Tags:
  • Furthermore
  • security
Category:
  • Security

Stay Smart Online Week

by IndikaWimalasiri Star Employee in Security Updates
‎08-10-2018 01:55 PM
2 Likes
‎08-10-2018 01:55 PM
2 Likes
This week is # StaySmartOnline Week. The campaign aims to reverse the threat of cyber-crime by empowering people to discuss and own their cyber-security. Over the next few days we’ll be sharing a number of best-practice resources to assist you, here on Community and on PEXA's social channels.   ... View more

Re: Overseas login to PEXA

by IndikaWimalasiri Star Employee in Raise a Security Concern
‎11-09-2018 08:29 PM
‎11-09-2018 08:29 PM
Hi Jayson,   We apologies if this has inconvenienced you in any way.   Regarding PEXA’s security decision, geographical blocking is an effective security control that many advanced technology companies are using to protect their customers from external threats.    The decision to block these countries is based on securing the wider conveyancing network. Global risk indicators and internal intelligence resulted in the decision to disallow connections originating from these countries.    We are continuously monitoring cyber-activity, if an assessment confirms China and Taiwan need to be blocked, we will do so.   We could also like to invite you to the PEXA Member Open day at our Melbourne office September 20. Our security team will be presenting and meeting with members to answer any questions you have.   Regards, Indika ... View more

Re: Overseas login to PEXA

by IndikaWimalasiri Star Employee in Raise a Security Concern
‎11-09-2018 11:07 AM
‎11-09-2018 11:07 AM
Hi Jayson,   Thanks for your question.   To keep the network safe for all members there is a handful of countries blocked from assessing PEXA. PEXA does not allow connections originating from Russia to access the platform. We also do not allow connections originating from Romania, Brazil, Turkey, and the Ukraine.  Was your support query related to this or something else?    Thanks Indika Security Team ... View more

Re: Security Advisory - New Malware could be Infec...

by IndikaWimalasiri Star Employee in Online Security
‎04-07-2018 08:51 AM
3 Likes
‎04-07-2018 08:51 AM
3 Likes
This refers back to the Security Advisory posted on 31 May 2018 about a particular  vulnerability   of home routers and modem devices. There is a further development in this space. Security company Symantec has developed a simple tool you can just run on your home network to asses whether your device is infected by "VPNFilter". Takes a less than a minute. You can access the tool   visiting the url   http://www.symantec.com/filtercheck/ Below is a screenshot after running the tool. What to do if you are infected If you  are concerned  that your router is infected by VPNFilter, we recommend performing the following steps in order. Please consult the documentation for your device for specific details on how to perform these steps: Perform a hard reset of your router to restore its factory settings. Please save your router configuration first, as you will need to reconfigure your router after this step. Power down and restart the router. Note that simply restarting your router without first performing the factory reset may not remove VPNFilter. Change the default administrator password for your router to a more secure password. If possible, disconnect your router from the public Internet while performing this step. Apply the latest patches and updates for your router. Note   - As a best practice make sure your devices are, Running up to-date software on the modem/router devices Never use default password comes with the devices, change it to a passphrase with complexity. Don't use same password on all the devices and applications. ... View more

Security Advisory - New Malware could be Infecting...

by IndikaWimalasiri Star Employee in Online Security
‎31-05-2018 09:09 AM
3 Likes
‎31-05-2018 09:09 AM
3 Likes
Security Advisory   Every now and again we come across security issues that can impact you at home. There is one that is making some noise in the security world. The new virus/malware discovered can infect your home or small business router (the box that connects to the Internet). It’s called “VPNFilter” and the estimated number of infected devices is around 500,000; in at least 54 countries.   Read on to see if this affects your internet box (router/modem) and what to do to protect yourself.           1. How does this affect you? If you have a router/modem from the following companies, it’s suggested you review your vendor’s update steps. Vendor Action to take Telstra No action – Telstra reports that your modem is updated automatically Linksys Follow the vendor directions Netgear Follow the vendor directions MikroTik Follow the vendor directions TP-Link (TP-R600VPN model only) Follow the vendor directions QNAP Systems Follow the vendor directions            2. Can I learn more about the VPNFilter issue? If you would like to get into the details, follow this link (https://blog.talosintelligence.com/2018/05/VPNFilter.html)          3. Is there anything we can do to be secure? A few helpful tips to keep your home devices secure are: Always change the default password. Put a password on your home wireless network. Use a strong password with at least 8 characters, a combination of upper and lower case, include numbers and special characters such as @, #,and !. Use a different password on your PC, to your email, to your work, and so on. Make sure you update your software regularly so that security patching occurs.   If you still have questions, email security@pexa.com.au ... View more
  • Tags:
  • Security Advisory

Re: Phishing Emails... How to stay away from it...

by IndikaWimalasiri Star Employee in Online Security
‎20-04-2018 08:56 AM
2 Likes
‎20-04-2018 08:56 AM
2 Likes
@LawyersConveyancing  Great insight Peter. What happens out there can be scary at times but it’s not all that bad. Having a clearly defined cyber security plans and policies which provide everyone involved the information and knowledge they need to stay secure as part of their work is one effective way of dealing this with challenge.      Regards, Indika ... View more

Phishing Emails... How to stay away from it...

by IndikaWimalasiri Star Employee in Online Security
‎17-04-2018 10:30 AM
2 Likes
‎17-04-2018 10:30 AM
2 Likes
Dear Members,   Below is an example of an actual phishing email for awareness purposes. Please take a moment to look at the pointers to understand how you can be misguided by a hacker. Being on top of this can help you to stay safe online. Remember, one click is all that matters to open the door to whole new level of issues.       Here are few helpful steps and questions to try/ask yourselves before clicking on any suspicious/unknown email. Reputable & legitimate organizations:   Don't request your sensitive information via email - Legitimate organisations do not send you emails asking you to download certain content e.g. utility bills, gift card link etc. or request you to verify your account details by clicking on a link.   Don't call or address you by a common greeting - Most of the time it will not include generic greetings e.g. "PayPal User", unless it’s advisory and openly available information.   Have their own email domains - Don't just look at the person's name sending the email. Check the full email address including the domain to make sure it is actually from the organisation represented, as most of the time they'll have their own domain. Hover your mouse over the email to verify this and make sure there's no additional numbers or special characters attached to the address. If there are, it is most likely a phishing e-mail.    Don't make grammatical errors - Spelling mistakes and bad grammar are key giveaways that it's phishing.   Don’t force you to their website - Most of the phishing emails contain multiple hyperlinks to maximize their chances of you clicking on one of them.   Don't send unsolicited attachments in the emails - Attractive attachment headings are another giveaway that it is a phishing scam. Another common case is utility bills or any other public event happening around the same time. Scammers use these events or news items to grab your attention and potentially to get you click on the links.   Send legitimate URLs - It may look like it is but it may send you somewhere else. Hover your mouse on the link (do not click) to check the link is actually legitimate and does not represent a different suspicious name. Always type the URL into your browser rather than using links on emails if you want to access the website. Don’t trust the email, instead call the sender to validate the request.   I clicked on it... Now what happens?   If you click on a phishing link accidentally, it does certain actions behind the scenes which you cannot see. These actions could be anything from a simple add popup on your screen to a stealing of your personal/customer data. So, if you fall into this category, speak up and seek help by contacting your internal security professionals or IT partners. Sending phishing emails and inviting people to click on these links are by far the most successful way for organisations to experience data breaches.     if you find any phishing/spam material referring to PEXA, please forward it to security@pexa.com.au     ... View more
  • Tags:
  • Security Tips
Latest Tags
  • security
  • Security awareness
  • Security Advisory
  • cyber attacks
  • alert
  • secuerity
  • vulnerability
  • Security Tips
  • Sec
  • Phishing Emails
  • Password Security
  • SecurityTips
View All
Likes Given To
User Likes Count
EmilyBilling
EmilyBilling Product Owner
1
Jarrod_McAleese
Moderator Jarrod_McAleese Moderator
1
View All
Likes From
User Likes Count
DMc
DMc Community Superuser
18
MichelleF
MichelleF
1
jdeen
jdeen Star Employee
2
HillsSolicitors
HillsSolicitors
1
DandyCandy
DandyCandy
4
View All
PEXA

|

Facebook Twitter LinkedIn
  • Support
  • Privacy Policy
  • Terms of Service