Cyber security update – by Jesse Rankine
The use of technology in modern business has increased dramatically over the past decade. While we used to send most correspondence via post or fax, the majority of business communications is now via email. With this increased use of email communication, there has been a corresponding increase in fraudulent email scams.
While none of our clients have received fraudulent emails from our email server, we have received advice that there have been are a number of instances where the conveyancing process has been the target of fraudulent emails, with emails appearing to be sent by a representative during a property purchase transaction. These emails were able to specifically target the purchaser by identifying their name, the address of the property they were purchasing and the amount of the deposit required. In fact, the email beared all the information from an actual email sent from the representative. The only difference being the BSB and Account Number for the payment of the deposit was those of the scammer, not the agent.
If payment was made in these circumstances the deposit would be lost. The recovery of the deposit would be expensive and unlikely to be successful given the level of sophistication to these email scams.
With the above in mind, we recommend that you always take the following precautions when dealing with online / email transactions:
- Check the email address appears to correspond with the business to whom you are dealing. If you suspect the email address is incorrect or fraudulent, forward the same to an IT specialist and / or contact the business directly to verify the email address.
- If you are making a payment pursuant to an email request, always telephone the organisation and verify the BSB and Account Number.
- When telephoning the organisation to verify details, do not use the number included on the email request. Use a number from a business card, website or entry on a listing website such as Yellow Pages or Google.
- When making a payment through online banking, always include the reference provided so that the transaction is identifiable by the business receiving the funds. If no reference is provided, include your name instead.
- Only attend to payment of invoices that you know to be genuine.
- Never share your login details with anyone and change your password at least once every 6 months.
- Never click on a link in an email from someone you do not know.
Email and technology are fantastic resources for you and your business. Just remember to always be diligent when transferring money and / or providing personal information in an online environment.