I’d like to advise members of an email phishing scam targeting PEXA Exchange users. In this instance, an email was sent to a practitioner, purporting to be from PEXA via WeTransfer, asking the recipient to open/download files.
Malicious emails being sent via WeTransfer is an ongoing cyber-threat affecting Australian organisations. Please note PEXA does not use WeTransfer for any email correspondence or service.
What to do
If you receive an email appearing to be sent from PEXA via WeTransfer, do not click any links and delete immediately.
As always, if you receive a similar phishing email or another communication you believe to be suspicious, please:
Do not respond
Do not click links or download attachments
Delete the e-mail
Report it to your relevant security administrator or e-mail PEXA’s security team at firstname.lastname@example.org.
PEXA will never send you an email advising you to click a link to access the PEXA Exchange, and will always direct you to login to access your account via pexa.com.au.
Learn more about phishing e-mails here.
General Manager, IT Security
As you may be aware, this morning several high-profile Twitter accounts were targeted by cyber-criminals. You can read about this here.
While this incident has no impact on PEXA or the broader network, it’s a timely reminder to be cyber-aware when working or browsing online – particularly on social media.
As always, only seek information from known, trusted sources and remember that PEXA will never send you links requesting your sensitive login or financial details. If you have any questions or would like to flag suspicious material, please get in touch with our friendly team at email@example.com.
David Willett General Manager, IT Security
With many businesses asking their teams to work remotely, security experts are warning of spikes in cyber-crime attempts.
The global COVID-19 pandemic has sparked a surge of phishing attempts on unsuspecting individuals. One such attack used the logo of the CDC Health Alert Network claiming to provide a list of local active infections, before stealing confidential information from the unprepared victims.
Cyber criminals are looking to take advantage of this period of global uncertainty, reinforcing the urgent need for everyone to be extra vigilant when it comes to cybercrime.
We strongly recommend Australian lawyers and conveyancers utilise the tools and processes available to them to mitigate this risk, including:
Install and update your anti-virus software
Ensuring your anti-virus software is up-to-date is critical. Cyber-criminals can use a number of different methods to try to attack your devices, so anti-virus should always be your first line of defence in protecting you and your business.
Keep operating systems (OS) and browsers up-to-date
Updated OS and browsers add protection from security issues that could be used to compromise your information. Restart your devices regularly to make sure updates are fully installed.
Cyber-criminals use weaknesses in outdated software to scam individuals and businesses. The best way to keep you and your business safe is to action software updates the instant they become available. We also recommend that you shut down and restart your device frequently for automatic updates to proceed.
Do not use public WiFi
If outside of the home or office, we do not recommend the use of free WiFi. Instead, use your mobile as a hotspot (or purchase a 4G mobile router). This will provide you with a safer connection online.
Public WiFi is easily compromised by hackers and your personal information easily obtained.
Virtual Private Network (VPN)
When you’re working from home for an extended period of time, use your company’s VPN to make sure that you maintain a secure connection to all your corporate services and applications, away from the prying eyes of cyber-criminals.
Phishing – protect you and your clients’ information
With reported email phishing attacks on the rise and the risk becoming more tangible across the world, it has never been more important for us and the broader e-Conveyancing network to use the tools available to us to protect against this threat.
While you’re working remotely and limiting face-to-face client meetings, bank and trust account details can be communicated safely via the free PEXA Key app between you and the homebuyer or seller. The app removes the need to use email, mitigating any risk of succumbing to email phishing attacks in the sharing of critical transaction information.
Lawyers and Conveyancers who use InfoTrack can also use Securexchange to communicate sensitive information with real estate agents.
Multi-factor Authentication (2FA/MFA)
Check the security and privacy settings of all your essential services and make sure they have 2FA/MFA available.
When logging into PEXA, members must use MFA to access their accounts. Although users have the option of receiving their MFA code via SMS or the smartphone app, we find the most reliable option to be the latter – via the PINGID application.
The code is generated immediately in the smartphone app for users to transcribe into PEXA. The SMS option can experience latency issues with some telecommunication providers, meaning the code is not received by the user for some time. If you’d like assistance moving from SMS to the smartphone app, please contact PEXA’s Support Centre on 1300 084 515.
Protect your passwords
Keep your passwords and pin codes safe. Now might be a good time to change your passwords and use a password manager e.g. LastPass and 1Password to ensure you have unique passwords for all your different accounts. This ensures that if one of your accounts is compromised, the others are protected, and the impact is minimised.
Kind regards David Willett Head of IT Security, PEXA
Whilst businesses around the country and indeed the globe are making important preparations to respond to COVID-19 (Coronavirus), it is important to understand that cyber criminals can use a situation like this to their advantage.
Targeted phishing attacks, with malicious content disguised as Coronavirus notices, may be launched to capitalise on the public's desire to learn more about the outbreak. There have already been reports in the media about scams attempting to steal personal information or infect people's devices with malware that distributes false information or scam products.
In one example, a phishing email that used the logo of the CDC Health Alert Network claimed to provide a list of local active infections. Recipients were instructed to click on a link in the email to access the list. Next, recipients were asked to enter their email login credentials, which were then stolen by scammers.
What to do to protect yourself
If you want to educate yourself further on COVID-19, only look at reputable sources like the World Health Organisation, Centre for Disease Control or the Australian Government’s Department of Health websites.
Always be on the lookout for tell-tale signs of email phishing from emails that appear to come from reputable sources. Remember, you can look at the sender’s details – specifically the part of the email address after the ‘@’ symbol – in the ‘From’ line to see if it looks legitimate.
Be wary of social media posts that attempt to bait you to click on links to gain more information. Social media is notorious for being used to spread misinformation despite the review processes that have been implemented by these sites in recent times. As per point number 1, go direct to reputable or government sources to get information on COVID-19.
You can check out our link on phishing emails here to get more general information on how to spot scams.
Finally, make sure you have good anti-virus protection installed on your device, whether it be a laptop or mobile.
Kind regards David Willett Head of IT Security
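The sender check described above, applied to the kind of message in the WeTransfer advisory, as an added example that is not PEXA's own tooling. It assumes genuine PEXA mail is sent from pexa.com.au or a subdomain of it; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: genuine PEXA mail is sent from pexa.com.au
# or one of its subdomains (the page names pexa.com.au only as the login site).
TRUSTED_DOMAIN = "pexa.com.au"
BRAND = "pexa"


def sender_domain(from_header: str) -> str:
    """Return the part of the From address after the last '@', lowercased."""
    _display, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower().rstrip(".")


def is_trusted(domain: str) -> bool:
    # Exact match or a true subdomain; 'pexa.com.au.example.net' must fail.
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)


def assess(raw_message: str) -> list[str]:
    """Return reasons a message that invokes the PEXA name looks suspicious."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    display, _address = parseaddr(from_header)
    domain = sender_domain(from_header)
    if is_trusted(domain):
        return []
    reasons = []
    if BRAND in display.lower() or BRAND in msg.get("Subject", "").lower():
        reasons.append(f"claims to be PEXA but was sent from '{domain}'")
    if BRAND in domain:
        reasons.append(f"'{domain}' imitates {TRUSTED_DOMAIN}")
    return reasons


# Constructed sample messages (not real mail).
SAMPLES = {
    "file_share": 'From: "PEXA via WeTransfer" <noreply@transfer.example>\n'
                  "Subject: Files sent to you\n\nDownload your files",
    "lookalike": "From: Support <help@pexa.com.au.example.net>\n"
                 "Subject: Account notice\n\nPlease log in",
    "genuine": "From: PEXA Support <support@pexa.com.au>\n"
               "Subject: Workspace update\n\nLog in via pexa.com.au",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, assess(raw) or "no sender-domain findings")
```

An empty result only means the From domain matches; the From line can be forged, so this check complements SPF, DKIM and DMARC validation at the mail gateway and does not replace it.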
The Legal Practitioners Liability Committee has recently posted an insightful article that details a use case of email compromise leading to funds being transferred to a fraudster.
Be alert and get to know the warning signs that your client may have been compromised. A request to change account details at the last minute? This should always be followed up with a phone call to confirm it is legitimate.
Take a look at the LPLC article here to learn more!
We use our mobile device and its installed apps every day. The apps we download make it easy for us to do everyday things like check our mail, tap onto the tram/train/bus, update our Instagram story, pay for coffee, track our calories and now even to track our property settlement (shameless plug of PEXA Key). All conveniently completed on our way in to work.
With all this private information available at the touch of a button, keeping our phones and chosen apps secure has become increasingly important.
Here are some handy tips to assist you in doing so.
1. Download from official stores
Cybercriminals are known to create rogue mobile apps that mimic trusted brands in order to obtain users’ confidential information. To avoid these types of scams, always download new apps from the official app stores, check the publisher is from the official supplier (e.g. Property Exchange Australia Ltd) and when the app was last updated. For example, PEXA Key is available exclusively on the Google Play Store and Apple App Store.
2. Use device security
All smart phones have multiple methods of authentication available. We advise you to:
Not leave your phone unlocked. Make sure your phone is set to auto lock within 30-60 seconds of inactivity; and
Use at least one of the authentication methods available to unlock your device e.g. facial recognition etc.
If using a pin code to access your phone, do not use the same pin for your apps or write them down on a piece of paper. Try using a password manager app to store, keep track of and generate new passwords and pin codes.
3. Call your provider
If you lose or misplace your phone, call your provider to ensure your SIM is deactivated to protect your phone and the apps on it from potential criminals. This is good advice for your clients who use PEXA Key. It is also important that they remember to notify you in the unlikely event that they lose their phone.
4. Anti-virus on your phone
Your hand-held device is no different to your laptop or PC and is similarly susceptible to scams such as phishing. Consider installing anti-virus software onto your mobile device.