Prac Playbook Edition 8

Edition 8 | Staying cybersafe
In This Issue...
4 WAYS TO
PROTECT AGAINST
CYBER PHISHING
Learn about safety measures you can
easily implement today to safeguard
your firm from phishing.
WHAT YOU NEED TO
KNOW ABOUT
CYBERSECURITY IN
2019
Get up to speed on the latest trends
from the rise of multi-factor
authentication to AI-generated fake
audio.
ARE YOUR EMAILS
AT RISK OF CYBER
HACKING?
With prying eyes targeting
conveyancing transactions, we highlight
lessons you can learn from recent
hacking cases.
STAYING CYBERSAFE
Cybersecurity has been front of mind for many of our
clients recently. The advancement of e-conveyancing along
with the introduction of the Notifiable Data Breaches
Scheme and GDPR last year have put a spotlight on how we
protect and manage sensitive data. This edition we delve
into high-profile email hacking cases, the latest
cybersecurity trends, and how to protect your firm against
phishing.

1) KNOW THE SIGNS
Educate yourself and your staff to be
vigilant. Some of the key red flags
of phishing emails include:
Unknown sender
Urgency
Unexpected attachments
Unfamiliar links
Requests for pers
If you have any doubts:
Don’t click on links
Don’t open attachments
Verify with ‘supposed’ sender
Report to your IT team
4 WAYS TO PROTECT
AGAINST CYBER
PHISHING
T h i s a r t i c l e a l s o a v a i l a b l e i n o u r b l o g
Phishing is an increasing threat in Australia with the ACCC recording 24,291 reports of
phishing attempts in 2018. Phishing is when cybercriminals pretend to be companies or
individuals to obtain sensitive personal information. There have been some widescale
phishing schemes lately with hackers sending very convincing emails posing as Netflix
and Spotify and requesting updated payment information in order to steal credit card
details from unsuspecting consumers. You may think you'd never get caught up in such
schemes, but they're becoming increasingly common and sophisticated.
Here are 4 ways to protect your business against phishing.
There are a number of online training
phishing awareness programs that can
be helpful too.
2) SET UP MULTI-
FACTOR
AUTHENTICATION
Multi-factor authentication (MFA) is a
great backup in case you do get hacked.
MFA requires multiple factors of
identification, for example in addition to
user name and password, you need to
provide additional credentials, like a
unique code that is texted to you, an
answer to a security question, a
fingerprint, or facial recognition. Even if
a cybercriminal figures out your
password, they'll need access to your
device or biometrics before they can
actually log on which creates an
additional barrier.
Set up multi-factor authentication in
the Office 365 admin centre
Setting up MFA in Microsoft is actually
quite easy and can make a huge
difference in your security.
If you're using the preview version of
the admin centre, you can find the
option for MFA here:
Setting up MFA in
Microsoft is actually quite
easy and can make a huge
difference in your security.
1. In the admin centre, go to Users >
Active users.
2. IMPORTANT: Before you select a
user, choose More (...) > Setup Azure
multi-factor authentication.
In the classic version, you'll find it here:
E d i t i o n 0 8 | 2

3) MONITOR YOUR EMAIL RULES 4) EDUCATE YOUR CLIENTS
If a hacker gets into your email or your client’s, they can set up
rules to intercept communications and hide any unusual activity.
For example they might set up a rule to intercept any emails
containing account details, automatically delete them from your
inbox and forward it to their own. Check your rules regularly!
Make sure your clients are aware of the dangers of phishing and
review all of the above with them as well. It's important that they
understand the risks and are just as vigilant. Clearly set
expectations with them at the beginning of the transaction so
that they know your standard procedure for communication.
Include a disclaimer in your communications that
emphasise these points as well.
CAUTION on money transfers:
We have reports that scammers are attempting to jijack
emails with bank account details so they can substitute their
own account number. As a result DO NOT deposit money to
an account nominated by us without verifying the account
number by phone.
We will not use bank account details supplied by you without
verification by phone.
According to recent stats from the ACCC, up to 50% of data
breaches are caused by phishing attacks. Don't let your business
be the next victim.
If you're looking for secure e-conveyancing solutions, get in touch with us at sales@infotrack.com.au to find out how we can help.
E d i t i o n 0 8 | 3

device or biometrics. This means if
someone does manage to get their
hands on your login details, there's an
additional barrier to overcome before
they can actually access your accounts.
You can find out more about Microsoft
MFA here.
3) USE OF AI-
GENERATED FAKE
VIDEO AND AUDIO
WILL INCREASE
WHAT YOU NEED TO
KNOW ABOUT
CYBERSECURITY IN
2019
T h i s a r t i c l e a l s o a v a i l a b l e i n o u r b l o g
From 2016-2018, nearly half of Australian companies were hit by cybercrime (source).
It's no wonder cybersecurity has already proven to be a hot topic in 2019. On the heels of
a number of high profile data breaches in 2018 and the introduction of GDPR,
cybersecurity is front of mind for many businesses. Here are 4 major trends for the year.
1) PHISHING
SCHEMES WILL
BECOME EVEN MORE
SOPHISTICATED
Hackers aren't just after your credit
card details anymore, they're focussed
on infiltrating large value transactions.
The property market is especially
alluring as it involves constant highvalue
money transfers between several
parties. They've become experts at
hacking into email accounts and
following transactions as they progress
so they can strike when the iron is hot.
They know when you're ready to
transfer the deposit and they send a
perfectly timed email from the hacked
account with false bank details to
redirect funds into their own accounts.
There have been several recent highprofile
property fraud cases in Australia
involving these type of phishing
schemes that have resulted in significant
financial loss for buyers/sellers and
reputational damage for service
providers.
2) MFA WILL
BECOME STANDARD
IN ALL ONLINE
TRANSACTIONS
Password-only access will soon be a
thing of the past. More and more
businesses are implementing multifactor
authentication (MFA) to
safeguard their data, particularly in light
of the increased prevalence of phishing.
MFA requires additional credentials on
top of a username and password to add
an extra level of verification before
providing access to sensitive systems or
data. It may require approval from your
We're used to hearing the fears about
AI taking over jobs, but of greater
concern is how it may be used by
cybercriminals against us. There's a new
trend toward using artificial intelligence
to create fake audio and video messages
that are extremely realistic. This type of
media can be used to add even more
credibility to phishing tactics and help
hackers to impersonate trusted people.
4) PEOPLE WILL
REMAIN THE
BIGGEST THREAT TO
CYBERSECURITY
The biggest threat to cybersecurity is
you, your employees, your partners and
your clients. It may only take one
absentminded click or keying in the
wrong email address and you could be
facing a serious data breach. That's why
education and awareness are key. All
businesses should have cybersecurity
training and procedure in place to
ensure vigilance and best practice
procedures. Your security is only as
strong as the weakest link.
These are just a few of the hot topics in
cybersecurity this year, but the speed of
change is substantial in cyberspace.
If you want to know more about how
you can protect your business, you can
check out one of our security-related
webinars below.
Protecting your firm with VOI
How to secure conveyancing
transactions
Cybercrime in e-conveyancing
How to manage risk in conveyancing
transactions
Real Estate Fraud Prevention
E d i t i o n 0 8 | 4

Impersonating the buyer
An email scam targeted at hacking the
email account of real estate agents
resulted in more than $200,000 in
losses. Consumer Affairs Victoria
received reports after an agent sent
through the contract of sale and trust
account details to the buyer for
payment of the deposit. Hackers
intercepted email communication and
sent through a second email advising
the account details were incorrect and
leading buyers to deposit the funds into
a false account. In an industry where the
conveyancing process is being
conducted electronically, the protection
of transactions is of great importance.
Read the article
ARE YOUR EMAILS AT
RISK OF CYBER
HACKING?
T h i s a r t i c l e a l s o a v a i l a b l e i n o u r b l o g
These cases attest to the consequences
if you don’t take proper precautions
when exchanging bank account details.
Cybercriminals are not discriminative
when it comes to those they attack. Let
these cases be reason enough in
showcasing the importance of
safeguarding property deposit funds
and communication from hackers.
We’ve heard of cases where hackers have intercepted high-value fund transfers, and we
know how much more sophisticated they’re becoming. Their success stories have caused
a raise in concern for the real estate industry, who are now a prime target for their
interception. This means all parties must be vigilant – lawyers, conveyancer, real estate
agents, buyers and sellers. You’re only as strong as the weakest party in the transaction
and these things can happen to anyone if you don’t take the time to double check details
and use common sense before transferring money.
What we know about these hackers is that they’re targeting different parts of the
exchange. We’ve outlined two high profile Australian fraud cases below; heed these as a
warning of what can happen from the prying eyes of cyber criminals. One case outlines
the thief impersonating the seller requesting the agent to deposit in the wrong account,
and one is impersonating the agent to request the buyer to deposit in the wrong account.
Impersonating the seller
What was assumed to be the “updated” account details of Andrew Buckley, a high-profile
Gold Coast investor, was in fact a $90,000 success for an email fraudster. The agency had
requested that Buckley send an email confirming his account details, but shortly after his
initial email, another was sent from fraudsters requesting that the money be sent to
another bank account. In a world where you can never be too cautious, the agency’s
failure to verify and confirm the updated account details with Buckley resulted in a
successful interception.
Read the article
E d i t i o n 0 8 | 5

lands as well as Old system lands.
Status of crown lands and searching of
crown tenures.
3. HOW LONG DOES
AN OLD SYSTEM
INVESTIGATION
TAKE?
5 FACTS ABOUT OLD
SYSTEM SEARCHING
T h i s a r t i c l e a l s o a v a i l a b l e i n o u r b l o g
We sat down with Mark Groll, InfoTrack’s Old System Searching Specialist and one of
only three people in NSW who can do all aspects of Old System Searching to learn more
about the process. Mark has been investigating NSW land titles for over 40 years and
often liaises with the land titles office to make improvements to Old System Searching.
His reports are regularly used in court and stored as evidence with the land titles office.
1.WHAT KIND OF
INFORMATION CAN
YOU FIND THROUGH
OLD SYSTEMS
SEARCHING?
In the past, investigations were mainly
conducted for the sale, purchase or
refinance of a property, in most cases
investigating the title back 30 years’ in
time to identify a good commencing point.
Unfortunately, these types of old system
searches have decreased over the years as
more properties have been converted to
the Real Property Act Title even though
it’s risk not to do them. Despite the
decrease in certain types of Old Title
searching, the need for investigating Old
System Title has actually increased over
the years, spurred by the following types
of investigations.
Locating and identifying lands and
terms and conditions of rights of way,
easements and covenants that benefit
or affect land, where the encumbrance
may not have been carried forward to
the current title. Some of these
encumbrances have been found to be
created in the 1800s.
E d i t i o n 0 8 | 6
Native Title and Aboriginal Land Claim
investigation on the Old System, Real
Property Act and Crown lands.
Ownership of roads and right of way
covering all three land titles systems.
Dwelling for adjoining rural properties,
usually under 100 acres in size.
Dating structures for heritage
purposes.
Locating and dating structures for
archaeological purposes.
Ownership of roads covering all three
land title systems.
Searching from the original Crown
Grants where the owner of land
adjoining certain types of roads or a
non-tidal water way are making a claim
for ownership usually to the middle of
the road or creek. This is search
conducted for a rule called the Ad
Medium Filum rule.
2. WHAT OTHER LAND
SEARCHING SERVICES
DO YOU PROVIDE?
Site contamination searches.
Legal Access to and from properties.
Investigation of benefitting or affecting
easements, rights of way or covenants,
conducted on both Real Property Act
lands as well as Old system lands.
A standard search usually takes 1 day,
but depending on the commencing point
and the complexity it can take up to
weeks or months. I spent 9 months
working on a road ownership
investigation for West Connex which
involved determining whether cross
roads were private, Crown or Council
owned so that Roads and Maritime
Services could get them into the public.
One of the roads I investigated dated
back to 1792.
4. WHAT HAVE BEEN
THE BIGGEST
CHANGES TO OLD
SYSTEM SEARCHING
IN THE PAST 40
YEARS?
When I first started in 1977 it cost 25
cents for a copy of any document!
Digitisation has definitely been the
biggest change. Though some of the
intricacies and integrity of data
recording have dropped off, overall it
has benefited everyone by providing
the ability to search quicker. It’s a 24/7
industry now with most of the
processes electronic, but there are still
a few manual processes.
5. WHAT IS THE BEST
PART ABOUT
WORKING IN OLD
SYSTEM SEARCHING?
I love that I never stop learning; there’s
always something new to discover and
every search is a puzzle that requires
slotting the jigsaw pieces together. I get to
work with a variety of people including
councils, solicitors, lawyers, RMS,
environmental scientists, and
archaeologists. I enjoy being able to
provide results in an unbiased report;
there are only one or two investigations
that I haven’t been able to solve in my 40
years of land investigation.

Webinar Date CPD points
Paperless conveyancing - Smokeball
10 tips for old system searching
How to secure conveyancing transactions
How to improve client experience
How to grow your business in a competitive market
How to manage risk in online property transactions
Increasing efficiency through integration - Smokeball
Cladding Levies and Contracts with Russell Cocks
Cybercrime in eConveyancing
13 Mar | 1pm
18 Mar | 1pm
19 Mar | 1pm
19 Mar | 1pm
20 Mar | 1pm
21 Mar | 1pm
25 Mar | 1pm
26 Mar | 1pm
27 Mar | 1pm
1 CPD
1 CPD
1 CPD
1 CPD
1 CPD
1 CPD
1 CPD
1 CPD
1 CPD
View all webinars
Have a question or interested in contributing to the next edition?
Send us an email at practitionerplaybook@infotrack.com.au
E d i t i o n 0 8 | 7