How to protect your conveyancing practice from payment redirection fraud?
Practical tips to defend your business from cyber attacks
Who we are
Nicholas
Technology and legal expert with over 20 years of industry experience
Gabor
Cybersecurity expert with over ten years' experience, having worked in both private and public sectors
www.ironbastion.com.au
We defend small to midsize businesses from cyber scams and hacking
What we are covering tonight…
1) Why cybercriminals target conveyancing practices
2) The consequences of being scammed
3) How payment redirection fraud works
4) How to protect your practice
5) Questions
Would everyone please stand up…
Before we begin, a small exercise
Sit down if you….
❌ Have a business computer which does not have anti-virus
❌ Have advanced phishing protection in place?
❌ Do not know what two-factor authentication (2FA) is, or have never used 2FA for your email
❌ Do you provide phishing awareness training to your employees?
Anyone still standing?
❌ Have used 2FA but turned it off because it was too inconvenient
1) Why cybercriminals target conveyancers?
• Practitioners are low hanging fruit for cybercriminals.
• underinvestment in security
• bad advice
• no advice
• High-value financial transactions
• Insecure communication channels
• New e-conveyancing platforms
In-house research of conveyancers:*
• ISP-provided email (e.g. TPG) - 20%
• Webmail (e.g. Hotmail) - 10%
• Office 365 - 70%
* Non-representative sample
Anti-phishing protection:
• Yes - 0%
• No - 100%
Two-factor:
• Yes - 10%
• No - 90%
Password reuse:
• Yes - 90%
• No - 10%
Paid antivirus:
• Yes - 90%
• No - 10%
You do not have to look far for Aussie examples
• “MasterChef finalist caught in conveyancing hacker attack”
• Mid-May: a client lost about $700,000
• May 31: a client lost more than $1 million
https://www.propertyobserver.com.au/forward-planning/advice-and-hot-topics/85862-pexa-warning-as-conveyancing-fraud-funds-end-up-in-thailand.html
https://www.smh.com.au/business/companies/masterchef-finalist-caught-in-conveyancing-hacker-attack-20180622-p4zn4o.html
2) Consequences?
• Breach of confidential information
• copy of identity documents
• personal details
• Financial
• Lawsuits
• Reputation
Try Googling your brand once you have suffered a publicised data breach
3) How payment redirection scams work
As easy as 1-2-3
1. Steal mailbox passwords
• Phishing
• Data breaches
2. Intercept emails
3. Tamper with payment instructions
Phishing
• Social Engineering
• Exploits the weaknesses in people – ‘click whirr’ behavioural responses
• Fake logins that capture credentials
Credentials from Data Breaches
• Websites get hacked.
• People reuse the same email and password across multiple online accounts.
Secret: “hackers” log into your webmail
4) How to protect your practice
1. Two-factor authentication (2FA)
2. Stop email spoofing
3. Better antivirus
4. Anti-phishing services
I. Two-factor authentication (2FA)
Powerful security measure protecting from:
• Bad passwords
• Stolen passwords
• Leaked passwords
How to turn on:
https://blog.ironbastion.com.au/how-to-prevent-payment-misdirection-fraud-at-your-conveyancing-practice-2fa/
II. Stop email spoofing
How to impersonate Saul Goodman <saul.goodman@sgassociates.com>
• Method #1 – Email Address Spoofing:
Saul’s email address and his name are spoofed on an incoming email so that the sender appears to be:
Saul Goodman <saul.goodman@sgassociates.com>
• Method #2 – Display Name Spoofing:
Only Saul’s name is spoofed, but not the email address:
Saul Goodman <saul.goodman1337@gmail.com>
• Method #1 – Email Address Spoofing:
Saul’s email address and his name are spoofed on an incoming email so that the sender appears to be:
Saul Goodman <saul.goodman@sgassociates.com>.
SPF/DKIM/DMARC DNS records
More: https://blog.ironbastion.com.au/email-impersonation-scams-phishing-what-your-staff-can-do/
• Method #2 – Display Name Spoofing:
Only Saul’s name is spoofed, but not the email address:
Saul Goodman <saul.goodman1337@gmail.com>.
Add warning banners
Use anti-phishing services
More: https://blog.ironbastion.com.au/email-impersonation-scams-phishing-what-your-staff-can-do/
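The two impersonation methods above can be told apart from a message's headers, which is how a warning banner rule decides when to fire. The following is an added example, not part of the original slides: the staff directory and the gateway name mx.sgassociates.com are hypothetical, and the sample messages are constructed.

```python
"""Classify an incoming email as Method #1, Method #2 or clean (added example)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for illustration: the practice's domain (taken from the slides),
# a hypothetical staff directory, and a hypothetical mail-gateway name.
OUR_DOMAINS = {"sgassociates.com"}
STAFF = {"saul goodman": "saul.goodman@sgassociates.com"}
TRUSTED_AUTHSERV = "mx.sgassociates.com"

BANNERS = {
    "address-spoofing": "WARNING: this email claims to come from our own "
                        "domain but failed sender authentication.",
    "display-name-spoofing": "WARNING: the sender's name matches a staff "
                             "member, but the address is not theirs.",
}


def dmarc_verdict(msg):
    """Return the DMARC result stamped by our own gateway, or 'none'.

    Authentication-Results headers carrying any other authserv-id may have
    been written by the sender, so they are ignored.
    """
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(header).partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue
        match = re.search(r"\bdmarc=(\w+)", results, re.IGNORECASE)
        if match:
            return match.group(1).lower()
    return "none"


def classify(raw_message):
    """Return 'address-spoofing', 'display-name-spoofing' or 'ok'."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, address = parseaddr(str(msg.get("From", "")))
    address = address.lower()
    domain = address.rpartition("@")[2]
    name_key = re.sub(r"\s+", " ", name).strip().lower()

    # Method #1: our own domain in From, but DMARC did not pass.
    if domain in OUR_DOMAINS and dmarc_verdict(msg) != "pass":
        return "address-spoofing"
    # Method #2: a staff member's name on an address that is not theirs.
    if name_key in STAFF and address != STAFF[name_key]:
        return "display-name-spoofing"
    return "ok"


def warning_banner(raw_message):
    """Banner text to prepend to the message body, or None if clean."""
    return BANNERS.get(classify(raw_message))


def _sample(from_header, auth_results):
    return (f"From: {from_header}\n"
            f"Authentication-Results: {auth_results}\n"
            "Subject: Updated settlement account details\n\nbody\n")


# Constructed sample messages, one per case.
REAL = "Saul Goodman <saul.goodman@sgassociates.com>"
SAMPLES = {
    "method1": _sample(REAL, "mx.sgassociates.com; spf=fail; dmarc=fail header.from=sgassociates.com"),
    "method1_forged_result": _sample(REAL, "mail.untrusted.example; dmarc=pass header.from=sgassociates.com"),
    "method2": _sample("Saul Goodman <saul.goodman1337@gmail.com>", "mx.sgassociates.com; dmarc=pass header.from=gmail.com"),
    "genuine": _sample(REAL, "mx.sgassociates.com; dkim=pass; dmarc=pass header.from=sgassociates.com"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:22} -> {classify(raw)}")
```

The Method #2 sample passes DMARC because the message really does come from gmail.com, which is why SPF/DKIM/DMARC records alone do not stop display name spoofing and the name check is needed.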
III. Better antivirus
Keeps your computer safe from:
• Ransomware
• Phishing
• Keyloggers
• Miscellaneous wizardry
Buy the business version of any of these:
• avast!
• Avira
• Bitdefender
• ESET
• Kaspersky
IV. Anti-phishing services (email)
Pre-screens your incoming emails
• Superior to your spam filter
• Machine learning & AI powered
• Text semantics
• Web link protection
• Deep analysis of file attachments
• Typically available as separate services for your email platform
• Works with every platform (Office 365, G Suite, GoDaddy, etc.)
• We suggest you research which providers on the market offer managed anti-phishing services
IV. Anti-phishing services (web browsing)
Web browsing protection protects from phishing attempts arriving in:
• Private emails
• Instant messengers (WeChat, etc.)
• Text messages
Blocks access to phishing websites on:
• Computers and smartphones
• In the office or on the road
• Protects your staff at home
IV. Anti-phishing service (II.)
IV. Anti-phishing services (phishing awareness)
4% of people in any given phishing campaign will click on a phishing email*
1. Phish your own staff
2. Identify vulnerable people
3. Target them with training materials
* https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf
5) Where to get help
• Report the scam to ACCC ScamWatch, ACORN and ACSC
• Victims of identity theft: you should contact IDCARE, an NFP helping people
• Have a conversation with your IT Service Provider, or staff. Use these slides as a talking point!
6) Questions?
💌 nick@ironbastion.com.au
💌 gabor@ironbastion.com.au
🌏 www.ironbastion.com.au
Attribution
• https://blog.cryptoaustralia.org.au/2018/07/19/how-to-protect-your-legal-practice-from-payment-redirection-fraud/
• Cruz/Kavadias/Szathmari – How to Protect Your Legal Practice from Payment Redirection Fraud

Iron Bastion - How to protect your conveyancing practice from payment redirection fraud
