Prac Playbook Edition 8
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Edition</strong> 8 | Staying cybersafe<br />
In This Issue...<br />
4 WAYS TO<br />
PROTECT AGAINST<br />
CYBER PHISHING<br />
Learn about safety measures you can<br />
easily implement today to safeguard<br />
your firm from phishing.<br />
WHAT YOU NEED TO<br />
KNOW ABOUT<br />
CYBERSECURITY IN<br />
2019<br />
Get up to speed on the latest trends<br />
from the rise of multi-factor<br />
authentication to AI-generated fake<br />
audio.<br />
ARE YOUR EMAILS<br />
AT RISK OF CYBER<br />
HACKING?<br />
With prying eyes targeting<br />
conveyancing transactions, we highlight<br />
lessons you can learn from recent<br />
hacking cases.<br />
STAYING CYBERSAFE<br />
Cybersecurity has been front of mind for many of our<br />
clients recently. The advancement of e-conveyancing along<br />
with the introduction of the Notifiable Data Breaches<br />
Scheme and GDPR last year have put a spotlight on how we<br />
protect and manage sensitive data. This edition we delve<br />
into high-profile email hacking cases, the latest<br />
cybersecurity trends, and how to protect your firm against<br />
phishing.
1) KNOW THE SIGNS<br />
Educate yourself and your staff to be<br />
vigilant. Some of the key red flags<br />
of phishing emails include:<br />
Unknown sender<br />
Urgency<br />
Unexpected attachments<br />
Unfamiliar links<br />
Requests for pers<br />
If you have any doubts:<br />
Don’t click on links<br />
Don’t open attachments<br />
Verify with ‘supposed’ sender<br />
Report to your IT team<br />
4 WAYS TO PROTECT<br />
AGAINST CYBER<br />
PHISHING<br />
T h i s a r t i c l e a l s o a v a i l a b l e i n o u r b l o g<br />
Phishing is an increasing threat in Australia with the ACCC recording 24,291 reports of<br />
phishing attempts in 2018. Phishing is when cybercriminals pretend to be companies or<br />
individuals to obtain sensitive personal information. There have been some widescale<br />
phishing schemes lately with hackers sending very convincing emails posing as Netflix<br />
and Spotify and requesting updated payment information in order to steal credit card<br />
details from unsuspecting consumers. You may think you'd never get caught up in such<br />
schemes, but they're becoming increasingly common and sophisticated.<br />
Here are 4 ways to protect your business against phishing.<br />
There are a number of online training<br />
phishing awareness programs that can<br />
be helpful too.<br />
2) SET UP MULTI-<br />
FACTOR<br />
AUTHENTICATION<br />
Multi-factor authentication (MFA) is a<br />
great backup in case you do get hacked.<br />
MFA requires multiple factors of<br />
identification, for example in addition to<br />
user name and password, you need to<br />
provide additional credentials, like a<br />
unique code that is texted to you, an<br />
answer to a security question, a<br />
fingerprint, or facial recognition. Even if<br />
a cybercriminal figures out your<br />
password, they'll need access to your<br />
device or biometrics before they can<br />
actually log on which creates an<br />
additional barrier.<br />
Set up multi-factor authentication in<br />
the Office 365 admin centre<br />
Setting up MFA in Microsoft is actually<br />
quite easy and can make a huge<br />
difference in your security.<br />
If you're using the preview version of<br />
the admin centre, you can find the<br />
option for MFA here:<br />
Setting up MFA in<br />
Microsoft is actually quite<br />
easy and can make a huge<br />
difference in your security.<br />
1. In the admin centre, go to Users ><br />
Active users.<br />
2. IMPORTANT: Before you select a<br />
user, choose More (...) > Setup Azure<br />
multi-factor authentication.<br />
In the classic version, you'll find it here:<br />
E d i t i o n 0 8 | 2
3) MONITOR YOUR EMAIL RULES 4) EDUCATE YOUR CLIENTS<br />
If a hacker gets into your email or your client’s, they can set up<br />
rules to intercept communications and hide any unusual activity.<br />
For example they might set up a rule to intercept any emails<br />
containing account details, automatically delete them from your<br />
inbox and forward it to their own. Check your rules regularly!<br />
Make sure your clients are aware of the dangers of phishing and<br />
review all of the above with them as well. It's important that they<br />
understand the risks and are just as vigilant. Clearly set<br />
expectations with them at the beginning of the transaction so<br />
that they know your standard procedure for communication.<br />
Include a disclaimer in your communications that<br />
emphasise these points as well.<br />
CAUTION on money transfers:<br />
We have reports that scammers are attempting to jijack<br />
emails with bank account details so they can substitute their<br />
own account number. As a result DO NOT deposit money to<br />
an account nominated by us without verifying the account<br />
number by phone.<br />
We will not use bank account details supplied by you without<br />
verification by phone.<br />
According to recent stats from the ACCC, up to 50% of data<br />
breaches are caused by phishing attacks. Don't let your business<br />
be the next victim.<br />
If you're looking for secure e-conveyancing solutions, get in touch with us at sales@infotrack.com.au to find out how we can help.<br />
E d i t i o n 0 8 | 3
device or biometrics. This means if<br />
someone does manage to get their<br />
hands on your login details, there's an<br />
additional barrier to overcome before<br />
they can actually access your accounts.<br />
You can find out more about Microsoft<br />
MFA here.<br />
3) USE OF AI-<br />
GENERATED FAKE<br />
VIDEO AND AUDIO<br />
WILL INCREASE<br />
WHAT YOU NEED TO<br />
KNOW ABOUT<br />
CYBERSECURITY IN<br />
2019<br />
T h i s a r t i c l e a l s o a v a i l a b l e i n o u r b l o g<br />
From 2016-2018, nearly half of Australian companies were hit by cybercrime (source).<br />
It's no wonder cybersecurity has already proven to be a hot topic in 2019. On the heels of<br />
a number of high profile data breaches in 2018 and the introduction of GDPR,<br />
cybersecurity is front of mind for many businesses. Here are 4 major trends for the year.<br />
1) PHISHING<br />
SCHEMES WILL<br />
BECOME EVEN MORE<br />
SOPHISTICATED<br />
Hackers aren't just after your credit<br />
card details anymore, they're focussed<br />
on infiltrating large value transactions.<br />
The property market is especially<br />
alluring as it involves constant highvalue<br />
money transfers between several<br />
parties. They've become experts at<br />
hacking into email accounts and<br />
following transactions as they progress<br />
so they can strike when the iron is hot.<br />
They know when you're ready to<br />
transfer the deposit and they send a<br />
perfectly timed email from the hacked<br />
account with false bank details to<br />
redirect funds into their own accounts.<br />
There have been several recent highprofile<br />
property fraud cases in Australia<br />
involving these type of phishing<br />
schemes that have resulted in significant<br />
financial loss for buyers/sellers and<br />
reputational damage for service<br />
providers.<br />
2) MFA WILL<br />
BECOME STANDARD<br />
IN ALL ONLINE<br />
TRANSACTIONS<br />
Password-only access will soon be a<br />
thing of the past. More and more<br />
businesses are implementing multifactor<br />
authentication (MFA) to<br />
safeguard their data, particularly in light<br />
of the increased prevalence of phishing.<br />
MFA requires additional credentials on<br />
top of a username and password to add<br />
an extra level of verification before<br />
providing access to sensitive systems or<br />
data. It may require approval from your<br />
We're used to hearing the fears about<br />
AI taking over jobs, but of greater<br />
concern is how it may be used by<br />
cybercriminals against us. There's a new<br />
trend toward using artificial intelligence<br />
to create fake audio and video messages<br />
that are extremely realistic. This type of<br />
media can be used to add even more<br />
credibility to phishing tactics and help<br />
hackers to impersonate trusted people.<br />
4) PEOPLE WILL<br />
REMAIN THE<br />
BIGGEST THREAT TO<br />
CYBERSECURITY<br />
The biggest threat to cybersecurity is<br />
you, your employees, your partners and<br />
your clients. It may only take one<br />
absentminded click or keying in the<br />
wrong email address and you could be<br />
facing a serious data breach. That's why<br />
education and awareness are key. All<br />
businesses should have cybersecurity<br />
training and procedure in place to<br />
ensure vigilance and best practice<br />
procedures. Your security is only as<br />
strong as the weakest link.<br />
These are just a few of the hot topics in<br />
cybersecurity this year, but the speed of<br />
change is substantial in cyberspace.<br />
If you want to know more about how<br />
you can protect your business, you can<br />
check out one of our security-related<br />
webinars below.<br />
Protecting your firm with VOI<br />
How to secure conveyancing<br />
transactions<br />
Cybercrime in e-conveyancing<br />
How to manage risk in conveyancing<br />
transactions<br />
Real Estate Fraud Prevention<br />
E d i t i o n 0 8 | 4
Impersonating the buyer<br />
An email scam targeted at hacking the<br />
email account of real estate agents<br />
resulted in more than $200,000 in<br />
losses. Consumer Affairs Victoria<br />
received reports after an agent sent<br />
through the contract of sale and trust<br />
account details to the buyer for<br />
payment of the deposit. Hackers<br />
intercepted email communication and<br />
sent through a second email advising<br />
the account details were incorrect and<br />
leading buyers to deposit the funds into<br />
a false account. In an industry where the<br />
conveyancing process is being<br />
conducted electronically, the protection<br />
of transactions is of great importance.<br />
Read the article<br />
ARE YOUR EMAILS AT<br />
RISK OF CYBER<br />
HACKING?<br />
T h i s a r t i c l e a l s o a v a i l a b l e i n o u r b l o g<br />
These cases attest to the consequences<br />
if you don’t take proper precautions<br />
when exchanging bank account details.<br />
Cybercriminals are not discriminative<br />
when it comes to those they attack. Let<br />
these cases be reason enough in<br />
showcasing the importance of<br />
safeguarding property deposit funds<br />
and communication from hackers.<br />
We’ve heard of cases where hackers have intercepted high-value fund transfers, and we<br />
know how much more sophisticated they’re becoming. Their success stories have caused<br />
a raise in concern for the real estate industry, who are now a prime target for their<br />
interception. This means all parties must be vigilant – lawyers, conveyancer, real estate<br />
agents, buyers and sellers. You’re only as strong as the weakest party in the transaction<br />
and these things can happen to anyone if you don’t take the time to double check details<br />
and use common sense before transferring money.<br />
What we know about these hackers is that they’re targeting different parts of the<br />
exchange. We’ve outlined two high profile Australian fraud cases below; heed these as a<br />
warning of what can happen from the prying eyes of cyber criminals. One case outlines<br />
the thief impersonating the seller requesting the agent to deposit in the wrong account,<br />
and one is impersonating the agent to request the buyer to deposit in the wrong account.<br />
Impersonating the seller<br />
What was assumed to be the “updated” account details of Andrew Buckley, a high-profile<br />
Gold Coast investor, was in fact a $90,000 success for an email fraudster. The agency had<br />
requested that Buckley send an email confirming his account details, but shortly after his<br />
initial email, another was sent from fraudsters requesting that the money be sent to<br />
another bank account. In a world where you can never be too cautious, the agency’s<br />
failure to verify and confirm the updated account details with Buckley resulted in a<br />
successful interception.<br />
Read the article<br />
E d i t i o n 0 8 | 5
lands as well as Old system lands.<br />
Status of crown lands and searching of<br />
crown tenures.<br />
3. HOW LONG DOES<br />
AN OLD SYSTEM<br />
INVESTIGATION<br />
TAKE?<br />
5 FACTS ABOUT OLD<br />
SYSTEM SEARCHING<br />
T h i s a r t i c l e a l s o a v a i l a b l e i n o u r b l o g<br />
We sat down with Mark Groll, InfoTrack’s Old System Searching Specialist and one of<br />
only three people in NSW who can do all aspects of Old System Searching to learn more<br />
about the process. Mark has been investigating NSW land titles for over 40 years and<br />
often liaises with the land titles office to make improvements to Old System Searching.<br />
His reports are regularly used in court and stored as evidence with the land titles office.<br />
1.WHAT KIND OF<br />
INFORMATION CAN<br />
YOU FIND THROUGH<br />
OLD SYSTEMS<br />
SEARCHING?<br />
In the past, investigations were mainly<br />
conducted for the sale, purchase or<br />
refinance of a property, in most cases<br />
investigating the title back 30 years’ in<br />
time to identify a good commencing point.<br />
Unfortunately, these types of old system<br />
searches have decreased over the years as<br />
more properties have been converted to<br />
the Real Property Act Title even though<br />
it’s risk not to do them. Despite the<br />
decrease in certain types of Old Title<br />
searching, the need for investigating Old<br />
System Title has actually increased over<br />
the years, spurred by the following types<br />
of investigations.<br />
Locating and identifying lands and<br />
terms and conditions of rights of way,<br />
easements and covenants that benefit<br />
or affect land, where the encumbrance<br />
may not have been carried forward to<br />
the current title. Some of these<br />
encumbrances have been found to be<br />
created in the 1800s.<br />
E d i t i o n 0 8 | 6<br />
Native Title and Aboriginal Land Claim<br />
investigation on the Old System, Real<br />
Property Act and Crown lands.<br />
Ownership of roads and right of way<br />
covering all three land titles systems.<br />
Dwelling for adjoining rural properties,<br />
usually under 100 acres in size.<br />
Dating structures for heritage<br />
purposes.<br />
Locating and dating structures for<br />
archaeological purposes.<br />
Ownership of roads covering all three<br />
land title systems.<br />
Searching from the original Crown<br />
Grants where the owner of land<br />
adjoining certain types of roads or a<br />
non-tidal water way are making a claim<br />
for ownership usually to the middle of<br />
the road or creek. This is search<br />
conducted for a rule called the Ad<br />
Medium Filum rule.<br />
2. WHAT OTHER LAND<br />
SEARCHING SERVICES<br />
DO YOU PROVIDE?<br />
Site contamination searches.<br />
Legal Access to and from properties.<br />
Investigation of benefitting or affecting<br />
easements, rights of way or covenants,<br />
conducted on both Real Property Act<br />
lands as well as Old system lands.<br />
A standard search usually takes 1 day,<br />
but depending on the commencing point<br />
and the complexity it can take up to<br />
weeks or months. I spent 9 months<br />
working on a road ownership<br />
investigation for West Connex which<br />
involved determining whether cross<br />
roads were private, Crown or Council<br />
owned so that Roads and Maritime<br />
Services could get them into the public.<br />
One of the roads I investigated dated<br />
back to 1792.<br />
4. WHAT HAVE BEEN<br />
THE BIGGEST<br />
CHANGES TO OLD<br />
SYSTEM SEARCHING<br />
IN THE PAST 40<br />
YEARS?<br />
When I first started in 1977 it cost 25<br />
cents for a copy of any document!<br />
Digitisation has definitely been the<br />
biggest change. Though some of the<br />
intricacies and integrity of data<br />
recording have dropped off, overall it<br />
has benefited everyone by providing<br />
the ability to search quicker. It’s a 24/7<br />
industry now with most of the<br />
processes electronic, but there are still<br />
a few manual processes.<br />
5. WHAT IS THE BEST<br />
PART ABOUT<br />
WORKING IN OLD<br />
SYSTEM SEARCHING?<br />
I love that I never stop learning; there’s<br />
always something new to discover and<br />
every search is a puzzle that requires<br />
slotting the jigsaw pieces together. I get to<br />
work with a variety of people including<br />
councils, solicitors, lawyers, RMS,<br />
environmental scientists, and<br />
archaeologists. I enjoy being able to<br />
provide results in an unbiased report;<br />
there are only one or two investigations<br />
that I haven’t been able to solve in my 40<br />
years of land investigation.
Webinar Date CPD points<br />
Paperless conveyancing - Smokeball<br />
10 tips for old system searching<br />
How to secure conveyancing transactions<br />
How to improve client experience<br />
How to grow your business in a competitive market<br />
How to manage risk in online property transactions<br />
Increasing efficiency through integration - Smokeball<br />
Cladding Levies and Contracts with Russell Cocks<br />
Cybercrime in eConveyancing<br />
13 Mar | 1pm<br />
18 Mar | 1pm<br />
19 Mar | 1pm<br />
19 Mar | 1pm<br />
20 Mar | 1pm<br />
21 Mar | 1pm<br />
25 Mar | 1pm<br />
26 Mar | 1pm<br />
27 Mar | 1pm<br />
1 CPD<br />
1 CPD<br />
1 CPD<br />
1 CPD<br />
1 CPD<br />
1 CPD<br />
1 CPD<br />
1 CPD<br />
1 CPD<br />
View all webinars<br />
Have a question or interested in contributing to the next edition?<br />
Send us an email at practitionerplaybook@infotrack.com.au<br />
E d i t i o n 0 8 | 7