Scammers use email to trick people into handing over information or downloading malicious code through a dodgy link or attachment. A deceptive or malicious email is often the first step in a more sophisticated scam.

Email is so common and convenient that it is easy to get complacent about the security risks involved. However, there are some simple steps you can take to help manage the risk:

• Use a business grade, hosted email service that includes quality filtering to block dangerous emails, spam, phishing and malicious content or attachments.
• When responding to emails, use the forward button instead of reply, and manually type or select the address from your address book. This will help you make sure you're communicating with the right person.
• If an attachment comes in an unusual format like .zip or the email asks you follow a link to file hosting site, this should be a red flag. If the apparent sender is known to you, call them and double check.
• Delete generic spam immediately.
• If you receive an email that seems fishy, you can report it by sending an email to wascamnet@dmirs.wa.gov.au with the suspicious email attached.
• Regularly check sent and deleted items folders for any unusual activity. This can help you to detect if an account has been compromised.

To manage IT risks over the long term, it is important for businesses of any size to have a robust set of security policies in place. As settlement is a high risk industry, it is recommended that staff have regular training on cyber security and fraud prevention. You may also consider having your system security reviewed by a reputable IT security firm.

It is also important to develop a security conscious office culture. This is an office culture that values and prioritises security over convenience, and one in which all staff are trained and encouraged to identify and navigate security risks in daily practice

• ​Make sure each staff member uses their own individual account. Do not share passwords.
• Verbally confirm bank account details with clients. 
• Double check payment details entered on the workspace before signing off and locking it, especially bank account details. Do not assume the details will be the same as when you entered them.
• If your password stops working, do not simply reset the password. Contact PEXA and ask them to check the account and whether any changes to uses and passwords have been made. Also check any pending settlements for unauthorised changes.

• Don't reuse passwords across multiple accounts.
• Keep your business and personal life on separate devices as much as possible.
• Don't give family members the password to access your computer, phone or other device that you use for work.
• Avoid sending financial details and other sensitive information by email. Encourage your clients to do the same.
• Don't think that you are not a target. Everyone is a potential target of scammers and cybercrime.