The recent cyber-attack on a conveyancing firm’s email system serves as a timely reminder that firms must adopt an integrated approach to fraud detection and prevention on a practitioner level.
The security breach resulted in hackers stealing $250,000 of sale proceeds from the new e-conveyancing platform Property Exchange Australia, also known as PEXA.
PEXA is one of a number of e-conveyancing platforms designed to provide an electronic conveyancing solution to the Australian property industry. Since PEXA was released for testing in 2013, it has been phased in with all refinances and standalone mortgages going digital in 2017, and at least half of all conveyancing firms now use the PEXA platform (in its current five live states). As of July 1 this year, all stand-alone NSW transfers and caveats must be lodged electronically, meaning vendors are able to access cleared funds almost immediately after settlement, and purchasers are guaranteed registration of title within 48 hours of settlement.
In the recent cyber-attack, hackers gained access to a conveyancing firm’s email system, allowing them to set up a user account on PEXA and then intercept emails from PEXA alerting the conveyancing firm’s existing users of the new user profile. The hackers were able to edit the vendor’s bank details, resulting in the redirection of all settlement funds to the hacker’s bank account.
PEXA have been quick to address the breach, with acting CEO James Ruddock saying, “These are isolated incidents and do not represent a wider or systemic risk to the PEXA platform”. Since the security breach, PEXA has introduced additional security measures to prevent similar incidents occurring, including timestamps identifying which user entered what data, and when the data was entered. They have also introduced more stringent requirements when setting up new PEXA users.
Law firms must accept responsibility for the security of their systems by ensuring their email and practice management software are sufficiently robust. Regularly updating anti-malware software aimed at detecting suspicious activity will be invaluable. Enacting internal procedures to ensure information is obtained from legitimate sources is also critical. Confirmation of all bank details with your clients and reviewed against your records, as close as possible to settlement, is imperative to ensure this type of breach isn’t repeated.
The introduction of technologies and systems aimed at improving the process of conveyancing is crucial for both clients and the property industry. E-conveyancing services offer unrivalled efficiency compared with traditional conveyancing practices. While there have been some teething problems, e-conveyancing is a positive step for the future of conveyancing and prospective vendors and purchasers should not be discouraged from using the PEXA platform.