Last year, Dani Venn, Masterchef finalist, fell victim to cybercrime when $250,000 was stolen from her family.
She says the most important lesson she learned is not to give hackers opportunities. “Hackers do not pick their victims. They pick opportunities to create victims...Hackers spot that your traffic is not encrypted, they can spy on anything you’re doing. That’s how we were hacked. The system wasn’t secure, and the hackers exploited it.”
Dani Venn’s story reminds us how easy it is to fall victim to cybercrime. Scamming attacks don’t just happen when you respond to dodgy emails. Hackers can find more sophisticated ways to trick you unexpectedly.
Fakes will only become more sophisticated
Hackers have come a long way from sending spam emails that are easily identified as fake. Now they can replicate the look of official emails including using logos to make the email seem legitimate. Scams are also coming through via SMS and phone call channels. There are scams around not paying ATO bills, being involved in a car accident and bill payments failing. There is also a new trend toward using artificial intelligence to create fake audio and video messages that are extremely realistic. This type of media can be used to add even more credibility to phishing tactics and help hackers to impersonate trusted people.
Furthermore, hackers aren't just after your credit card details anymore, they're focused on infiltrating large value transactions. The property market is especially alluring as it involves constant high-value money transfers between several parties. Hackers become experts at breaking into email accounts and following transactions as they progress, so they can strike while the iron is hot. They know when you're ready to transfer the deposit and they send a perfectly timed email from the hacked account with false bank details to redirect funds into their own accounts. There have been several recent high-profile property fraud cases in Australia involving these type of phishing schemes that have resulted in significant financial loss for buyers/sellers and reputational damage for service providers.
Recently, the Office for the Registrar General NSW released a cybercrime alert claiming solicitors and clients are still being stung by fraud.Two recent cases involved the clients receiving emails purportedly from the law practice directing that they pay monies into the law practices’ trust bank accounts where the trust bank account details had been tampered with. This netted the hackers $187,510.
A third fraud case related to the client receiving an email and tax invoice from the law practice to pay $15,000 to the law practice’s office account. Again, the bank account details had been altered and the criminals made off with the $15,000.
Today’s Australasian Legal Practice Management Association (ALMPA) Summit reminds us that technology to combat cyber-security is extremely important. Ms Venn agrees and advised the need to protect your sensitive information and improve your security online using software tools.
Purpose-built technology can keep you and your firm safe
Password-only access will soon be a thing of the past. More and more businesses are implementing multi-factor authentication (MFA) to safeguard their data, particularly in light of the increased prevalence of phishing. While it might sound technical, MFA is an essential part of making sure we are protected digitally. What MFA entails is two or more steps to verify that you are who you say you are, so that even if a password falls into the wrong hands, there is an extra layer of security needed to prove who is trying to access your information.
MFA is used by many industries – think about online banking. You often need to log in and to transfer money, a secure code may be emailed or sent as an SMS to you. Once received, you can prove it is you making the transaction.
MFA requires additional credentials on top of a username and password to add an extra level of verification before providing access to sensitive systems or data. It may require approval from your device or biometrics. This means if someone does manage to get their hands on your login details, there's an additional barrier to overcome before they can actually access your accounts.
There are other technologies purpose-built to keep firms safe. For example, Securexchange, is designed to stop the need to share trust account details via unsecured emails and protects the reputation of all professional parties involved in the property transaction. The key to the service is that only verified parties can view trust account and deposit information, streamlining communication between those parties and offering transparency over the progress of the exchange.
Coupled with the ability for lawyers to share Trust Account details securely with other parties, Securexchange provides legal and conveyancing professionals with a real answer to combat cyber-fraud, at no expense to their firm.
While people are not deliberately targeted, they will always remain the biggest threat to cybersecurity. It may only take one absentminded click or keying in the wrong email address and you could be facing a serious data breach. That's why education and awareness are key. All businesses should have cybersecurity training and procedures in place to ensure vigilance and best practice.
