Microsolve Business IT Insights

Stop Email Spoof Attacks: How to Shield Your Firm’s Reputation and Finances

Written by Dale Jenkins | 14 August 2025 6:30:00 AM

Australian conveyancing and legal practitioners have faced a wave of email spoof attacks, costing individuals and firms millions and causing widespread reputational harm. These attacks exploit weak email reputation management, making robust, specialist-led email security a must-have for any practice that values trust and operational continuity.

Email spoofing attacks in Australia’s legal and property sectors are surging. Cybercriminals commonly intercept or imitate legitimate email exchanges between firms and their clients, especially during high-value property settlements. Attackers gain access, often by guessing passwords or exploiting unprotected email setups, and then alter payment instructions, diverting funds to criminal-controlled accounts.

A recent Western Australia case saw a client lose $732,000 after receiving convincing (but ultimately fake) bank instructions via email. In Sydney, a couple lost nearly $1 million through a similar scam. Nationwide, almost $84 million was lost to “business email compromise” (BEC) scams last year alone, with individual cases resulting in losses averaging $55,000, but sometimes much higher.

Financial and Reputational Impact

  • Financial Loss: Victims are losing hundreds of thousands, sometimes millions per incident. The broader cost to Australian businesses from cyber scams topped $33 billion in 2024 alone.

  • Reputational Damage: When a firm’s client loses money due to a fraudulent email, trust erodes. The firm faces public scrutiny, legal liability, and loss of future business.

  • Operational Disruption: Remediation, legal disputes, and investigations consume time and resources, causing stress for clients and staff alike.

Why Attacks Succeed

Put simply: most organisations have weak (or non-existent) email reputation management settings.

Many organisations have no idea that they are at risk: these settings are not compulsory for email to work, so they are most often simply ignored ("it works, why do I need that?").

Unfortunately, the lack of robust email reputation management makes these organisations prime targets for malicious threat actors looking to use Business Email Compromise for financial gain. Without security protocols like SPF, DKIM, and DMARC, anyone can “spoof” an organisation’s identity and trick clients into believing a fraudulent message is genuine.

High-Level Overview of Key Settings

  • SPF (Sender Policy Framework): Lets organisations specify which servers can send emails on their behalf. Without this, attackers can send emails that appear to be from the organisation.

  • DKIM (DomainKeys Identified Mail): Adds a tamper-proof signature to emails, helping recipients detect if messages are altered in transit.

  • DMARC (Domain-based Message Authentication, Reporting & Conformance): Builds on SPF and DKIM, letting organisations tell receiving servers how to handle unauthenticated messages (e.g., reject or quarantine them). DMARC also alerts the organisation to attempted misuse of their domain.

In practice: If any one of these settings is missing or misconfigured, attackers can exploit gaps to send fraudulent emails, risking both money and reputation.


Why Proper Implementation Takes a Specialist

Getting SPF, DKIM, and DMARC right isn’t simple. Each setting must be tailored to a firm’s unique email environment and cover every email system, cloud provider, or third-party service.

  • Complexity: Properly configuring these settings means analysing all outgoing email sources and frequently updating records as systems change.

  • Continuous Monitoring: Ongoing vigilance is essential. DMARC provides daily reports flagging spoofing attempts or authentication failures. A specialist can interpret these reports, fix misconfigurations, and respond to emerging threats fast.

  • Long-Term Protection: Threats evolve. Relying on a one-off, “set and forget” approach leaves gaps. Email reputation is an ongoing process that requires routine audits, response protocols, and rapid escalation as soon as risks appear.

Clear Next Steps

As an absolute minimum, ensure that the following are accurate and in place:

  1. An SPF record containing only the services that are used to send email today;

  2. DKIM records for each of the mail services listed in that SPF record; and

  3. A DMARC record configured to REJECT email on subdomains and QUARANTINE email on the main email domain for messages that do not pass DMARC checks.

The above three steps will provide protection against most spoofing attacks.
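The three records in the checklist above can be checked mechanically. The script below is an added example (not Microsolve's code or the page's own): it audits a domain's SPF, DKIM and DMARC records against the settings the checklist recommends, using a constructed in-memory zone in place of DNS so it runs offline. Domains, selectors and the DKIM key value are hypothetical; to use it on a live domain, replace `lookup_txt()` with a real TXT query.

```python
"""Offline audit of the three records the checklist above calls for.

Added example, not Microsolve's code. Real DNS lookups are replaced by a
constructed in-memory zone so it runs offline; replace lookup_txt() with a
resolver call to run it against a live domain. Domains and keys are
hypothetical.
"""
import re

# Constructed sample zone: one domain set up as the checklist recommends,
# one with the common gaps (permissive SPF, p=none, no DKIM, no reports).
SAMPLE_ZONE = {
    "good.example": [
        "v=spf1 include:spf.protection.outlook.com include:_spf.crm.example -all",
    ],
    "_dmarc.good.example": [
        "v=DMARC1; p=quarantine; sp=reject; "
        "rua=mailto:dmarc-agg@good.example; ruf=mailto:dmarc-forensic@good.example",
    ],
    "selector1._domainkey.good.example": ["v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"],
    "weak.example": ["v=spf1 include:spf.protection.outlook.com a mx ?all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
}

SPF_LOOKUP_LIMIT = 10  # RFC 7208 s.4.6.4: more than 10 DNS lookups -> permerror


def lookup_txt(zone, name):
    """Stand-in for a DNS TXT query; returns [] when the name does not exist."""
    return zone.get(name, [])


def parse_tags(record):
    """Split a 'k=v; k=v' record (DMARC, DKIM) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record):
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    lookups = 0
    for term in terms[1:]:
        # strip the qualifier (+ - ~ ?) and keep only the mechanism name
        mech = re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]
        if mech in ("include", "a", "mx", "ptr", "exists", "redirect"):
            lookups += 1  # top-level terms only; nested includes also count in practice
    if lookups > SPF_LOOKUP_LIMIT:
        findings.append("SPF: %d DNS-lookup terms exceeds the limit of %d" % (lookups, SPF_LOOKUP_LIMIT))
    last = terms[-1].lower()
    if last in ("all", "+all", "?all"):
        findings.append("SPF: ends with '%s', so any host passes; use -all (or ~all)" % last)
    elif last not in ("-all", "~all") and not last.startswith("redirect="):
        findings.append("SPF: no terminating 'all' mechanism")
    return findings


def check_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: record does not start with v=DMARC1"]
    findings = []
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    subdomain_policy = tags.get("sp", policy)  # sp defaults to p when absent
    if subdomain_policy != "reject":
        findings.append("DMARC: subdomain policy is '%s', not reject" % subdomain_policy)
    for tag, kind in (("rua", "aggregate"), ("ruf", "forensic")):
        if tag not in tags:
            findings.append("DMARC: no %s= address, so no %s reports will arrive" % (tag, kind))
    if tags.get("pct", "100") != "100":
        findings.append("DMARC: pct=%s applies the policy to only part of the mail" % tags["pct"])
    return findings


def audit_domain(domain, dkim_selectors, zone=SAMPLE_ZONE):
    """Return a list of findings; an empty list means all three records look right."""
    findings = []
    spf = [r for r in lookup_txt(zone, domain) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: no record published")
    elif len(spf) > 1:
        findings.append("SPF: multiple records published; RFC 7208 allows exactly one")
    else:
        findings += check_spf(spf[0])
    dmarc = lookup_txt(zone, "_dmarc." + domain)
    findings += check_dmarc(dmarc[0]) if dmarc else ["DMARC: no record at _dmarc." + domain]
    for selector in dkim_selectors:
        name = "%s._domainkey.%s" % (selector, domain)
        keys = lookup_txt(zone, name)
        if not keys:
            findings.append("DKIM: no public key at " + name)
        elif not parse_tags(keys[0]).get("p"):
            findings.append("DKIM: selector '%s' has an empty p= (key revoked)" % selector)
    return findings


if __name__ == "__main__":
    for domain in ("good.example", "weak.example"):
        print(domain, audit_domain(domain, ["selector1"]) or "OK")
```

The SPF lookup count here covers only the top-level record; includes pull in their own lookups, so a live check should follow each `include:` and `redirect=` and add those to the total before comparing with the limit of 10.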

To further protect the email environment, a specialist DMARC service provider (such as Microsolve) will need to be engaged to receive and analyse the AGGREGATE and FORENSIC reports sent to the addresses published in the DMARC record. This information is critical to understanding how and where spoofing attacks originate, and to identifying issues with the DMARC setup as the email environment changes.
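What a DMARC aggregate report actually tells you, for the daily reports mentioned under Continuous Monitoring and the AGGREGATE reporting address above, is shown by the added example below (not Microsolve's code or the page's own). The XML is constructed in the RFC 7489 aggregate-report format using documentation IP ranges; the script totals messages per source and separates the three cases a reviewer has to distinguish: aligned passes, partial passes that usually mean forwarding or a sender missing from SPF or DKIM, and sources that fail both checks.

```python
"""Summarise a DMARC aggregate (rua) report: which sources send as the domain,
and which of them fail authentication.

Added example, not Microsolve's code. The XML below is constructed in the
RFC 7489 aggregate-report format with documentation IP ranges; real reports
arrive gzipped or zipped by email at the rua= address.
"""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>mailbox-provider.example</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1755129600</begin><end>1755216000</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>good.example</domain><p>quarantine</p><sp>reject</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>good.example</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>good.example</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>203.0.113.22</source_ip><count>8</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>good.example</header_from></identifiers>
  </record>
</feedback>
"""

# (dkim result, spf result) from policy_evaluated -> what it usually means
VERDICTS = {
    ("pass", "pass"): "pass",
    ("pass", "fail"): "pass via DKIM only: SPF failed (forwarding, or source missing from SPF)",
    ("fail", "pass"): "pass via SPF only: DKIM failed (source not signing, or wrong selector)",
    ("fail", "fail"): "FAIL: unauthenticated source, possible spoofing or unlisted sender",
}


def summarise_report(xml_text):
    # Reports come from third parties: parse them with defusedxml in production.
    root = ET.fromstring(xml_text)
    summary = {
        "domain": root.findtext("policy_published/domain"),
        "reporter": root.findtext("report_metadata/org_name"),
        "total": 0, "passed": 0, "failed": 0, "sources": [],
    }
    for rec in root.findall("record"):
        row = rec.find("row")
        count = int(row.findtext("count"))
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        passed = dkim == "pass" or spf == "pass"  # DMARC passes if either aligned check passes
        summary["total"] += count
        summary["passed" if passed else "failed"] += count
        summary["sources"].append({
            "ip": row.findtext("source_ip"),
            "count": count,
            "disposition": row.findtext("policy_evaluated/disposition"),
            "verdict": VERDICTS.get((dkim, spf), "unknown result"),
        })
    return summary


def failing_sources(summary):
    """IPs that failed both checks: the ones to investigate first."""
    return [s["ip"] for s in summary["sources"] if s["verdict"].startswith("FAIL")]


if __name__ == "__main__":
    s = summarise_report(SAMPLE_REPORT)
    print("%s reported on %s: %d messages, %d passed, %d failed"
          % (s["reporter"], s["domain"], s["total"], s["passed"], s["failed"]))
    for src in s["sources"]:
        print("  %-15s %4d  %-10s %s" % (src["ip"], src["count"], src["disposition"], src["verdict"]))
```

A source that fails both checks is either a spoofing attempt or a legitimate service nobody added to SPF and DKIM; the disposition column shows what receivers did with it under the published policy, which is why the checklist recommends quarantine on the main domain rather than p=none.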

Finally, the transport encryption settings known as MTA-TLS and MTA-STS should be configured and activated to protect against man-in-the-middle attacks.
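For the MTA-STS part of that last step, the added example below (not Microsolve's code or the page's own) shows the two pieces that make up an MTA-STS deployment under RFC 8461, a TXT record at `_mta-sts.<domain>` and a policy file served over HTTPS at `https://mta-sts.<domain>/.well-known/mta-sts.txt`, and checks that they are in an enforcing state. Both the record and the policy are constructed for a hypothetical domain; the "short max_age" threshold is this example's own, not a value from the RFC.

```python
"""Parse and sanity-check an MTA-STS policy (RFC 8461) and its DNS TXT record.

Added example, not Microsolve's code. MTA-STS is published as a TXT record at
_mta-sts.<domain> plus a policy file served over HTTPS at
https://mta-sts.<domain>/.well-known/mta-sts.txt; both below are constructed
for a hypothetical domain.
"""

# Constructed TXT record at _mta-sts.good.example; the id changes whenever
# the policy file changes so that sending MTAs refetch it.
SAMPLE_TXT = "v=STSv1; id=20250814T063000"

# Constructed policy file as served at /.well-known/mta-sts.txt
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.good.example
mx: *.mail.good.example
max_age: 604800
"""

MAX_AGE_LIMIT = 31557600  # RFC 8461: max_age must not exceed one year
SHORT_MAX_AGE = 86400     # this example's own threshold for flagging a short cache time


def parse_policy(text):
    """Parse the 'key: value' policy lines; mx may repeat, so it becomes a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy[key] = value
    return policy


def check_mta_sts(txt_record, policy_text):
    """Return findings for the TXT record and policy; [] means both look right."""
    findings = []
    tags = dict(p.strip().split("=", 1) for p in txt_record.split(";") if "=" in p)
    if tags.get("v") != "STSv1":
        findings.append("TXT: record does not start with v=STSv1")
    if not tags.get("id"):
        findings.append("TXT: no id=; senders use it to notice policy changes")
    policy = parse_policy(policy_text)
    if policy.get("version") != "STSv1":
        findings.append("policy: version must be STSv1")
    mode = policy.get("mode")
    if mode not in ("enforce", "testing", "none"):
        findings.append("policy: mode must be enforce, testing or none")
    elif mode != "enforce":
        findings.append("policy: mode=%s lets senders deliver even when TLS or MX validation fails" % mode)
    if not policy["mx"]:
        findings.append("policy: no mx entries, so no MX host can be matched")
    try:
        max_age = int(policy.get("max_age", ""))
        if not 0 < max_age <= MAX_AGE_LIMIT:
            findings.append("policy: max_age must be between 1 and %d" % MAX_AGE_LIMIT)
        elif max_age < SHORT_MAX_AGE:
            findings.append("policy: max_age=%d is short; senders will refetch often" % max_age)
    except ValueError:
        findings.append("policy: max_age missing or not an integer")
    return findings


if __name__ == "__main__":
    print(check_mta_sts(SAMPLE_TXT, SAMPLE_POLICY) or "MTA-STS policy looks enforcing")
```

Roll a policy out in `mode: testing` first and move to `enforce` only once the `mx:` entries match every host that actually receives mail for the domain; an enforcing policy with a missing MX host causes legitimate senders to refuse delivery.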


Conclusion

Organisations of all sizes should consult a security specialist to ensure robust, future-proof protection. Microsolve offers tailored, proactive solutions, including advanced authentication settings, monitoring, and rapid threat intelligence, with a focus on care, health, and professional environments.

For comprehensive protection, consider Microsolve’s tailored email security solutions that offer expert configuration, ongoing monitoring, and rapid response to emerging threats.