Is Your Conveyancing Practice Secure From Hacking?
Posted: Saturday, Jul 31

i 3 Table of Contents

Is Your Conveyancing Practice Secure From Hacking?
From KBI

The recent media reports of fraud against conveyancing practices suggest that professionals should be taking measures for protecting their businesses from cyber attacks. Cybercriminals primarily rely on an email-based attack known as phishing to help commit payment redirection fraud. A recent Telstra Security Report found thatย the most common cybersecurity threat in Australia is phishing, with reports of phishing attacks increasing by 1,178% in 2017 over the previous year.

In this article, we explain how cybercriminals operate, and what you can do to prevent your conveyancing practice from becoming a victim of payment redirection fraud.

How Cyber Crime Affects Conveyancing Practices

A cyber attack can mean you are defrauded, have your data held to a ransom, have you and your clientsโ€™ confidential information stolen and sold on the dark web, or have all of your emails and documents maliciously deleted, permanently encrypted, or made public.

The immediate damage to your conveyancing practice of a cyber attack is:

  • hackers misdirecting trust money or settlement funds;
  • hackers impersonating you and your practice to your clients and emailing them fake invoices, or fake payment directions;
  • interruptions to your business operations;
  • unexpected expenses related to remediation of your systems, such as hiring high-paid security consultants, performing expensive data-recovery, or repairing/replacing systems post-breach; and
  • compliance withย Notifiable Data Breaches (NDB) Schemeย legislation meaning data-breaches may need to be reported publicly or being fined for failing to comply with NDB obligations.

The long-term damage from a cyber attack includes:

  • the loss of your practiceโ€™s reputation;
  • the loss of existing and future clients;
  • unwanted media attention;
  • legal action against you from your clients for professional negligence and other lawsuits.

Your firm’s reputation can be ruined forever due to the media coverage

How Phishing Works and Why It Is a Major Threat

Phishing is a cyber-attack typically carried out over email. Cybercriminals aim to trick their victims into clicking a link or attachment, giving away their password, or asking them for money by pretending to be a legitimate online service, client, friend or colleague.

Victims of phishing may unwittingly open file attachments containing malware, viruses or ransomware, hand over their passwords to fake websites which look genuine or transfer money to fraudsters believing someone trusted they know has asked them to do so. Industry reports show thatย 4% of people on average will always click on links in a phishing email.ย Any interaction with a phishing email may enable the attacker to steal sensitive information from your practice such as your clientsโ€™ records, confidential files and your passwords.

The stolen information often ends up on the dark web, typically sold for a few dollars per record. In addition to data theft, cyber-criminals will gain access to your emails and may attempt to impersonate you or your employees. They can then tamper with email payment directions so that payments either to or from your practice go to the fraudster instead.

Why Phishing Works

While email is an essential communication channel for conveyancing practices, the vast majority of phishing attacks also arrive in emails containing malicious hyperlinks and file attachments.

As cyber attacks get more and more sophisticated, the chances are that your staff may overlook the subtle differences between phishing emails and legitimate emails.

Outdated pieces of advice likeย โ€œnever open emails written in poor Englishโ€ย will not protect your practice. If these common-sense anti-phishing tips were genuinely effective, phishing attacks would not continuously be on the rise since 2006.

It only takes one accidental click by any of your employees to compromise the security of computers, tablets and smartphones of your entire office, and become a victim of fraud.

You may not even be aware it has happened. As Verizon reports,ย victims of phishing often discover the data breach only years after the initial compromise. Cybercriminals are opportunistic and can sit and wait for a significant transaction to occur that they can redirect.

Protecting Your Conveyancing Practice From Phishing Threats

โ€œGet your mail filtered by an expert third-party security service thatโ€™s monitoring for new threats around the clockโ€,ย suggests Financial Review columnist, Peter Moon, as a response to the tragic case of aย Melbourne-based family who lost their life savings in a cyber attackย targeting their conveyancer.

At Iron Bastion we offer services specifically designed to protect your email from phishing threats. No matter if your email service is running on Office 365, G Suite or self-hosted, our cloud-based anti-phishing services can screen your incoming email messages for phishing attempts, and block suspicious emails before they hit your mailboxes.

Why Outdated Technology Will Not Protect You

Anti-phishing technologies are different from traditional anti-virus software and email anti-spam filtering. Neither built-in spam filters (Office 365, G Suite) nor previous generation anti-spam services feature advanced anti-phishing techniques. Hence these technologies will leave your practice unprotected from todayโ€™s cyber-threats.

Anti-phishing services can block perfect clones of legitimate emails like this phishing attempt

Modern anti-phishing services feature Machine Learning and Artificial Intelligence (AI) algorithms to identify phishing attempts. It looks for the specific red flags, such as:

  • typical wording and text semantics;
  • invalid digital signatures;
  • poor sender reputation.

File attachments are also analysed in safe environments for known and unknown threats, and embedded hyperlinks are modified to perform real-time analysis and blocking of malicious URLs when the recipient clicks on them.

This technology is only available in anti-phishing services specifically designed to protect organisations from phishing threats. We suggest you to do some research to find out which IT or security service providers offer anti-phishing services for small businesses.

Where to Go Next

We have recently published a series of practical cybersecurity tips with conveyancers in mind. Learnย how you can improve your cybersecurity at your conveyancing practice, andย help prevent payment redirection fraud by turning on two-factor authentication onย your email service. Finally, make sure to complete our simpleย cybersecurity health assessment to see if your cybersecurity is ready for eConveyancing.

This post has first appeared on theย Iron Bastion Security Blog โ€“ Australiaโ€™s anti-phishing expertsย and was co-written withย Nicholas Kavadias.

The Production Team
The KBI Production Team is a staff of specialist technology professionals with a detailed understanding across much of cybersecurity and emerging technology. With many decades of collective industry experience, as well as expertise in marketing & communications, we bring news and analysis of the cybersecurity industry.
Share This