Edition 8 | Staying cybersafe
In This Issue...
4 WAYS TO WHAT YOU NEED ARE YOUR EMAILS
PROTECT AGAINST TO KNOW ABOUT AT RISK OF CYBER
CYBER PHISHING CYBERSECURITY IN HACKING?
2019
Learn about safety measures you can With prying eyes targeting
easily implement today to safeguard Get up to speed on the latest trends conveyancing transactions, we
your firm from phishing. from the rise of multi-factor highlight lessons you can learn from
authentication to AI-generated fake recent hacking cases.
More on page 2 audio.
More on page 5
More on page 4
STAYING CYBERSAFE
Cybersecurity has been front of mind for many of our
clients recently. The advancement of e-conveyancing along
with the introduction of the Notifiable Data Breaches
Scheme and GDPR last year have put a spotlight on how we
protect and manage sensitive data. This edition we delve
into high-profile email hacking cases, the latest
cybersecurity trends, and how to protect your firm against
phishing.
4 WAYS TO PROTECT AGAINST
CYBER PHISHING
This article also available in our blog
Phishing is an increasing threat in Australia with the ACCC recording 24,291 reports of phishing attempts in 2018. Phishing is when
cybercriminals pretend to be companies or individuals to obtain sensitive personal information. There have been some widescale
phishing schemes lately with hackers sending very convincing emails posing as Netflix and Spotify and requesting updated payment
information in order to steal credit card details from unsuspecting consumers. You may think you'd never get caught up in such
schemes, but they're becoming increasingly common and sophisticated.
Here are 4 ways to protect your business against phishing.
1) KNOW THE SIGNS
Educate yourself and your staff to be vigilant. Some of the key red flags of phishing emails include:
Unknown sender
Urgency
Unexpected attachments
Unfamiliar links
Requests for pers
If you have any doubts:
Don’t click on links
Don’t open attachments
Verify with ‘supposed’ sender
Report to your IT team
There are a number of online training phishing awareness programs that can be helpful too.
2) SET UP MULTI-FACTOR AUTHENTICATION
Multi-factor authentication (MFA) is a great backup in case you do get hacked. MFA requires multiple factors of identification, for
example in addition to user name and password, you need to provide additional credentials, like a unique code that is texted to you, an
answer to a security question, a fingerprint, or facial recognition. Even if a cybercriminal figures out your password, they'll need access
to your device or biometrics before they can actually log on which creates an additional barrier.
Set up multi-factor authentication in the Office 365 admin centre
Setting up MFA in Microsoft is actually quite easy and can make a huge difference in your security.
1. In the admin centre, go to Users > Active users.
2 | Edition 08
2. IMPORTANT: Before you select a user, choose More (...) > Setup Azure multi-factor authentication.
If you're using the preview version of the admin centre, you In the classic version, you'll find it here:
can find the option for MFA here:
3) MONITOR YOUR EMAIL RULES
If a hacker gets into your email or your client’s, they can set up rules to intercept communications and hide any unusual activity. For
example they might set up a rule to intercept any emails containing account details, automatically delete them from your inbox and
forward it to their own. Check your rules regularly!
4) EDUCATE YOUR CLIENTS
Make sure your clients are aware of the dangers of phishing and review all of the above with them as well. It's important that they
understand the risks and are just as vigilant. Clearly set expectations with them at the beginning of the transaction so that they know
your standard procedure for communication. Include a disclaimer in your communications that emphasise these points as well.
CAUTION on money transfers:
We have reports that scammers are attempting to hijack emails with bank account details so they can substitute their own account
number. As a result DO NOT deposit money to an account nominated by us without verifying the account number by phone.
We will not use bank account details supplied by you without verification by phone.
According to recent stats from the ACCC, up to 50% of data breaches are caused by phishing attacks. Don't let your business be the
next victim.
If you're looking for secure e-conveyancing solutions, get in touch with us at [email protected] to find out how we can help.
Edition 08 | 3
WHAT YOU NEED TO KNOW ABOUT
CYBERSECURITY IN 2019
This article also available in our blog
From 2016-2018, nearly half of Australian companies were hit by cybercrime (source). It's no wonder cybersecurity has already
proven to be a hot topic in 2019. On the heels of a number of high profile data breaches in 2018 and the introduction of GDPR,
cybersecurity is front of mind for many businesses. Here are 4 major trends for the year.
1) PHISHING SCHEMES WILL BECOME EVEN MORE SOPHISTICATED
Hackers aren't just after your credit card details anymore, they're focussed on infiltrating large value transactions. The property
market is especially alluring as it involves constant high-value money transfers between several parties. They've become experts
at hacking into email accounts and following transactions as they progress so they can strike when the iron is hot. They know
when you're ready to transfer the deposit and they send a perfectly timed email from the hacked account with false bank details
to redirect funds into their own accounts. There have been several recent high-profile property fraud cases in Australia involving
these type of phishing schemes that have resulted in significant financial loss for buyers/sellers and reputational damage for
service providers.
2) MFA WILL BECOME STANDARD IN ALL ONLINE TRANSACTIONS
Password-only access will soon be a thing of the past. More and more businesses are implementing multi-factor authentication
(MFA) to safeguard their data, particularly in light of the increased prevalence of phishing. MFA requires additional credentials on
top of a username and password to add an extra level of verification before providing access to sensitive systems or data. It may
require approval from your device or biometrics. This means if someone does manage to get their hands on your login details,
there's an additional barrier to overcome before they can actually access your accounts. You can find out more about Microsoft
MFA here.
3) USE OF AI-GENERATED FAKE VIDEO AND AUDIO WILL INCREASE
We're used to hearing the fears about AI taking over jobs, but of greater concern is how it may be used by cybercriminals against
us. There's a new trend toward using artificial intelligence to create fake audio and video messages that are extremely realistic. This
type of media can be used to add even more credibility to phishing tactics and help hackers to impersonate trusted people.
4) PEOPLE WILL REMAIN THE BIGGEST THREAT TO CYBERSECURITY
The biggest threat to cybersecurity is you, your employees, your partners and your clients. It may only take one absentminded click
or keying in the wrong email address and you could be facing a serious data breach. That's why education and awareness are key. All
businesses should have cybersecurity training and procedure in place to ensure vigilance and best practice procedures. Your security
is only as strong as the weakest link.
These are just a few of the hot topics in cybersecurity this year, but the speed of change is substantial in cyberspace.
If you want to know more about how you can protect your business, you can check out one of our security-related webinars below.
Protecting your firm with VOI Cybercrime in e-conveyancing
How to secure conveyancing How to manage risk in conveyancing
transactions transactions
4 | Edition 08
ARE YOUR EMAILS AT RISK OF
CYBER HACKING?
This article also available in our blog
We’ve heard of cases where hackers have intercepted high-value fund transfers, and we know how much more sophisticated they’re
becoming. Their success stories have caused a raise in concern for the real estate industry, who are now a prime target for their
interception. This means all parties must be vigilant – lawyers, conveyancer, real estate agents, buyers and sellers. You’re only as strong
as the weakest party in the transaction and these things can happen to anyone if you don’t take the time to double check details and
use common sense before transferring money.
What we know about these hackers is that they’re targeting different parts of the exchange. We’ve outlined two high profile Australian
fraud cases below; heed these as a warning of what can happen from the prying eyes of cyber criminals. One case outlines the thief
impersonating the seller requesting the agent to deposit in the wrong account, and one is impersonating the agent to request the buyer
to deposit in the wrong account.
Impersonating the seller
What was assumed to be the “updated” account details of Andrew Buckley, a high-profile Gold Coast investor, was in fact a $90,000
success for an email fraudster. The agency had requested that Buckley send an email confirming his account details, but shortly after
his initial email, another was sent from fraudsters requesting that the money be sent to another bank account. In a world where you
can never be too cautious, the agency’s failure to verify and confirm the updated account details with Buckley resulted in a successful
interception.
Read the article
Impersonating the buyer
An email scam targeted at hacking the email account of real estate agents resulted in more than $200,000 in losses. Consumer Affairs
Victoria received reports after an agent sent through the contract of sale and trust account details to the buyer for payment of the
deposit. Hackers intercepted email communication and sent through a second email advising the account details were incorrect and
leading buyers to deposit the funds into a false account. In an industry where the conveyancing process is being conducted
electronically, the protection of transactions is of great importance.
Read the article
These cases attest to the consequences if you don’t take proper precautions when exchanging bank account details. Cybercriminals are
not discriminative when it comes to those they attack. Let these cases be reason enough in showcasing the importance of safeguarding
property deposit funds and communication from hackers.
Edition 08 | 5
5 FACTS ABOUT OLD SYSTEM SEARCHING
This article also available in our blog 2. WHAT OTHER LAND SEARCHING
SERVICES DO YOU PROVIDE?
We sat down with Mark Groll, InfoTrack’s Old System
Searching Specialist and one of only three people in NSW who Site contamination searches.
can do all aspects of Old System Searching to learn more about Legal Access to and from properties.
the process. Mark has been investigating NSW land titles for Investigation of benefitting or affecting easements, rights of
over 40 years and often liaises with the land titles office to way or covenants, conducted on both Real Property Act lands
make improvements to Old System Searching. His reports are as well as Old system lands.
regularly used in court and stored as evidence with the land lands as well as Old system lands.
titles office. Status of crown lands and searching of crown tenures.
1.WHAT KIND OF INFORMATION 3. HOW LONG DOES AN OLD
CAN YOU FIND THROUGH OLD SYSTEM INVESTIGATION TAKE?
SYSTEMS SEARCHING?
A standard search usually takes 1 day, but depending on the
In the past, investigations were mainly conducted for the sale, commencing point and the complexity it can take up to weeks or
purchase or refinance of a property, in most cases months. I spent 9 months working on a road ownership
investigating the title back 30 years’ in time to identify a good investigation for West Connex which involved determining
commencing point. Unfortunately, these types of old system whether cross roads were private, Crown or Council owned so
searches have decreased over the years as more properties that Roads and Maritime Services could get them into the public.
have been converted to the Real Property Act Title even One of the roads I investigated dated back to 1792.
though it’s risk not to do them. Despite the decrease in certain
types of Old Title searching, the need for investigating Old 4. WHAT HAVE BEEN THE BIGGEST
System Title has actually increased over the years, spurred by CHANGES TO OLD SYSTEM
the following types of investigations. SEARCHING IN THE PAST 40
YEARS?
Locating and identifying lands and terms and conditions of
rights of way, easements and covenants that benefit or When I first started in 1977 it cost 25 cents for a copy of any
affect land, where the encumbrance may not have been document! Digitisation has definitely been the biggest change.
carried forward to the current title. Some of these Though some of the intricacies and integrity of data recording
encumbrances have been found to be created in the 1800s. have dropped off, overall it has benefited everyone by providing
Native Title and Aboriginal Land Claim investigation on the the ability to search quicker. It’s a 24/7 industry now with most of
Old System, Real Property Act and Crown lands. the processes electronic, but there are still a few manual
Ownership of roads and right of way covering all three land processes.
titles systems.
Dwelling for adjoining rural properties, usually under 100 5. WHAT IS THE BEST PART ABOUT
acres in size. WORKING IN OLD SYSTEM
Dating structures for heritage purposes. SEARCHING?
Locating and dating structures for archaeological purposes.
Ownership of roads covering all three land title systems. I love that I never stop learning; there’s always something new to
Searching from the original Crown Grants where the discover and every search is a puzzle that requires slotting the
owner of land adjoining certain types of roads or a non- jigsaw pieces together. I get to work with a variety of people
tidal water way are making a claim for ownership usually to including councils, solicitors, lawyers, RMS, environmental
the middle of the road or creek. This is search conducted scientists, and archaeologists. I enjoy being able to provide results
for a rule called the Ad Medium Filum rule. in an unbiased report; there are only one or two investigations that
I haven’t been able to solve in my 40 years of land investigation.
6 | Edition 08
Webinar Date CPD points
Paperless conveyancing - Smokeball 13 Mar | 1pm 1 CPD
10 tips for old system searching 18 Mar | 1pm 1 CPD
How to secure conveyancing transactions 19 Mar | 1pm 1 CPD
How to improve client experience 19 Mar | 1pm 1 CPD
How to grow your business in a competitive market 20 Mar | 1pm 1 CPD
How to manage risk in online property transactions 21 Mar | 1pm 1 CPD
Increasing efficiency through integration - Smokeball 25 Mar | 1pm 1 CPD
Cladding Levies and Contracts with Russell Cocks 26 Mar | 1pm 1 CPD
Cybercrime in eConveyancing 27 Mar | 1pm 1 CPD
View all webinars
Have a question or interested in contributing to the next edition?
Send us an email at [email protected]
Edition 08 | 7