Skip to main content

Recent news reports and emails from PEXA have described a fraud involving the PEXA workspace. Any users of the PEXA workspace need to read this alert for tips on how to avoid this happening to them.

What's on this page?

What happened

The fraudster appears to have gained access to a subscriber’s email account and intercepted a change of password email allowing them to change the subscriber’s password. This then allowed them to create a new user account which gave them access to the workspace where they changed the bank account details that had already been entered. When the subscriber returned to the workspace to complete the transaction they did not notice the account details had been changed and the transaction was completed with money transferred to the wrong account.

What you must do

  • Always double check the payment details entered on the workspace, especially the bank account details, before signing off and locking the workspace. You should not assume that the details will be the same as they were when you entered them.
  • If you find you cannot log into the PEXA workspace with your own password, you should be on notice that something may be wrong. Do not simply do a password reset and assume everything is normal. You should:
    • contact PEXA and ask them to check the account and whether any changes to passwords or users have been made
    • check any active workspaces where settlements are pending that all payment details are correct and have not been modified by an unauthorised person.
  • Check your PEXA account now to identify any unauthorised users and continue to regularly monitor it.
  • Strengthen and maintain your email hygiene and security protocols to minimise the chance of fraudsters gaining access to your email system. This includes:
    • ensure staff have regular training on cyber security and fraud prevention
    • develop and implement an office policy about cyber security
    • use a business grade hosted email service that includes quality filtering to block dangerous emails, spam, phishing and malicious content or attachments
    • use a DNS based web filtering service to block high risk websites
    • install a reputable security software application on every computer
    • backup all of your firm’s files using an automated daily service that backs up to the cloud
    • keep all software on your computer up to date by ensuring all updates and security patches are installed
    • use only strong passwords that have a minimum of eight characters containing uppercase and lowercase letters, numbers and symbols. Change your passwords at least every 12 months


For more information on cyber security see our cyber security page.

Download a pdf of this alert

Security Warning for PEXA users.pdf

(PDF, 160.97 KB)
Download Security Warning for PEXA users.pdf

Latest News & Alerts

All News & Alerts
News

PI Insurance renewals open

05 Apr 24

The LPLC Professional Indemnity (PI) Insurance portal is open for processing renewals for the 2024–25 year for private law practices.

Learn more
News

Holiday Season hours and new office location

21 Dec 23

Our office will be closed from 5pm on Thursday 21 December 2023 and will re-open at 9am on Monday 8 January 2024.

LPLC’s office will relocate to new premises at Level 19, 140 William Street, Melbourne, VIC 3000 from Monday 15 January 2024. Phone and email contact details remain unchanged.

Learn more
Alert

Snapshot of Major Victorian Property Tax Changes effective from 1 January 2024

Conveyancing, Tax, GST, Leases, Building and Construction, Building and Construction 13 Dec 23

The State Taxation Acts and Other Acts Amendment Act 2023 received Royal Assent on 12 December 2023. The new law introduces significant property tax changes in Victoria with effect from 1 January 2024.

Learn more
All News & Alerts
TOP