PEXA Hacking Scandal reinforces the dangers of unsecure email

Dan Parker - 13 July 2018

“Email wasn’t designed as a secure messaging platform and almost everything about it is the opposite of how a secure communication system should work. It’s a fraudster’s best friend, and enabled the PEXA fraud.”

- Australian Financial Review

Recently our team published an editorial that highlighted the Commonwealth Bank’s email security breach. It seems that no sooner had we used the CBA example of the dangers of email as an unsecure channel for sharing confidential information than another Australian company found itself in the spotlight over hacked email.

PEXA is an online property exchange service that is moving Australia’s 150-year-old system of exchanging property from paper to electronic certificates. Thousands of land titles are now being processed, transacted and exchanged on the platform.

The hack saw sophisticated criminals break into a conveyancing firm’s email accounts, access their mail from PEXA, set up new user accounts that allowed them to change bank account details, and proceed to fleece a Melbourne family to the tune of $250,000.

Neither the bank (CBA) nor PEXA is accepting liability for this security breach. The family involved has been forced to move into a single bedroom; unable to settle on their property, they face losing their $80,000 deposit and their new house, and are being charged interest of $500 per day on a default notice.

So how could this happen? Really easily, actually.  

As the AFR stated on July 2nd, the simple truth is email was never designed as a secure communication platform.

And yet it’s used every day to handle high value transactions and business of a secure or highly confidential nature in every home, office, and in every industry. In PEXA’s case, this is quite literal: they are a private company owned by state governments, the four big Australian banks, private equity and property developer Paul Little.

The message is clear: if you are using email to send and receive confidential information relating to customers, citizens or your organisation – stop. Immediately.

  • Email is a ubiquitous communication channel, but it isn’t secure, and it is prone to accidental exposures.
  • Similar Shadow IT channels such as USB, DVD, FTP and paper carry similar risks because they lack the security, confidentiality and data sovereignty that should be a baseline requirement.

Avoid the use of Shadow IT – join us for a short 20-minute webinar

Next week, we’re running a webinar that focuses solely on the risks of Shadow IT and how to avoid them. We’ll be offering insight into the value of extending your information governance system beyond the four walls of your organisation so that you can share information with your trusted partners without risk.

Register for it here!

