The large sums of money involved in buying and selling property make conveyancing a very attractive area for criminals. With most transactions and most communication now electronic, it’s no wonder that cybersecurity in conveyancing is critical.
Contract Conveyancing has stringent policies and procedures designed to make sure your money doesn’t end up in the wrong hands. The foundation of our cybersecurity strategy is to educate our clients. We do this at all stages of the conveyancing process, so you know what to expect. If something doesn’t seem quite right, we want you to contact us immediately.
Email is so universal that you may assume that it’s secure. Unfortunately, that’s not true. Personal email accounts are all too easy for hackers to break into.
Our business email systems are managed by professional IT experts, and have the most stringent security possible in place. Our systems are monitored, and there are procedures in place such as changing all passwords if there’s any sign of a potential breach.
We’ve trained every member of staff in email security basics, and in our specific practices to enhance cybersecurity.
Our number one security policy is that we don’t open any email attachments unless they are sent from known emails of known clients. We regularly receive emails from scammers that look like potential business for us.
So how do we handle those requests?
We treat the email as a new enquiry and follow our standard process. Most scammers disappear at this stage. A few come back, adjusting their tactic, requesting an urgent contract review because ‘the property is going to auction’– but they still don’t verify their identity. The scammer cannot get any further in our standard process, without providing critical information.
The beautiful thing about this process is that it’s exactly the one we use for a genuine client too. We set up a file before we open any attachments, and we require the basic details to set up the file. So it’s very secure and it’s client-friendly.
We aim to keep sensitive information away from email. That includes account details of any kind.
All lawyers and conveyancers are advised to avoid sharing account details by email, but we’ve still heard of cases where a screenshot showing the account details is included in the email. There’s a belief that this is safer than typing, but it’s still very easy for a criminal to intercept, then view or modify an image.
One common kind of email fraud is related to invoices. The cybercriminals intercept invoices sent via email and alter the payee account details.
We organise our processes so that only a very small number of invoices are sent by email. For those invoices:
· We offer payment methods other than bank transfer, which are generally more secure. We use RapidPay so that you have a range of options for how to pay.
· We also advise you, clearly and visibly, that if you are going to transfer funds, you should call us in the office and check the bank account details before you make the transfer. This is a great way to confirm that the invoice has not been doctored between leaving our outbox and arriving in your inbox.
There are only a couple of occasions where we need to invoice you and receive payment outside of PEXA. Our terms of business are such that we’re paid on settlement – and that’s handled within PEXA. It’s easier for you as well as more secure for everyone.
PEXA is the Australian industry-wide digital settlement platform we use for all settlements. Each transaction has its own secure digital workspace, and only the relevant parties can register for and access that workspace.
As a buyer or seller, you use the PEXA Key app to access your workspace. This immediately makes it far more secure as email communication is eliminated.
Since PEXA handles all the settlement transactions, you have to upload your bank account details. But you do this from your smart phone, with no email interaction at all, and access to those details is limited to your workspace.
So you never share your bank account details via insecure email. Neither do we, in most cases.
For the vast majority of transactions – including all the high value ones – PEXA makes things very safe indeed!
We also educate clients about how other parties to settlement usually operate.
It’s hard for hackers to get into PEXA. So they try other options. They may, for example, send you emails which look as if they come from PEXA. So we advise quite clearly that PEXA will not send you emails.
Alternatively, hackers may pose as Revenue NSW and send an email or text message inviting you to pay your transfer duty (stamp duty)directly to them. While it’s possible Revenue NSW may communicate with you via email for some issues, we know they’ll never do so in relation to a property settlement.
We tell you this, so you can be wary of emails apparently sent by PEXA or Revenue NSW. We encourage you to call us and check before making any payments. The team at Contract Conveyancing can log into your PEXA workspace, see the situation there and cross-check the details.
It’s part of our job, part of our duty of care, to keep your money safe and to distribute it properly at settlement. That’s one reason we take cybersecurity so seriously. We also do it because it’s just the right thing to do.
So if you want to be confident you’re in safe hands for your next property deal, we’d love to help.
