Risk Alert Notice, September 2021 – Important threat alert issued by the Australian Cyber Security Centre, see alert here warning about the growing trend of cybercriminals targeting the property and real estate sector to conduct business email compromise (BEC) scams in Australia.

In BEC scams, cybercriminals pose as legitimate businesses to send fraudulent emails to customers and clients. While the ACSC’s alert focusses on property transactions, BEC is a growing threat for all businesses and any transaction where money changes hands.

In response to this threat, the ACSC recommends:

• Verifying changed payment details before transferring any funds.
• Training all staff to identify suspicious emails.
• Securing business email accounts using strong passphrases and multi-factor authentication.

Other scam email notifications include:

• Receipt of illegitimate emails from legitimate mainland firms or real estate agents containing attachments (e.g. ‘contract of sale’) and sophisticated comments or service/referral enquiries. This is achieved by the use of near-identical email addresses or by hacking into the legitimate party’s email account (often as a result of their own staff opening unsolicited attachments or links).
• Email requests by ‘known’ suppliers or internal staff / management to redirect payment or make payment to a new account number (again the ‘imposter’ – person or bot – uses an almost identical email address or hacks the ‘senders’ email).

Tips
When it comes to any internal or external instructions to make or vary financial transactions (or to open unsolicited attachments):

• Always pick up the phone to verify if you know the person
• Consider ‘double verification’ policies for your firm if you don’t already have them
• Ensure all staff are aware of risks and procedures
• Ensure policies are communicated to your accountants if external accountants are used

Other cyber security tips, tools and checklists
Free help can also be found at: http://lca.lawcouncil.asn.au/lawcouncil/cyber-precedent-home

• Law Society of Tasmania – Cybersecurity Best Practice Checklist (in Word)
• Law Society of Tasmania Response Checklist in the Event of Cybersecurity Breach (in Word)
• National Law Mandatory Notifiable Data Breaches Scheme – Flowchart
• (see also Data breach preparation and response – a guide to managing data breaches in accordance with the Privacy Act 1988 (Cth))
• Cybersecurity poster for law firm offices

What else could go wrong? PII Scheme Manager Alison Clues’ Law Letter Article Autumn 2018.
Risk Alert Notice – 20 June 2018
Email to Firms – 4 July 2018