Part 4 of the 5 part series: Future-Proofing Your Conveyancing Practice

Email is the Achilles heel of many businesses. Nearly every large-scale property fraud or trust account diversion attack in Australia starts the same way – an email is intercepted.

Conveyancers rely heavily on email because it’s convenient – but attackers exploit that reliance with devastating precision.

Let’s break down why email is no longer safe, and what conveyancers must co.

Why Email is the #1 Risk in Conveyancing

Email Wasn’t Designed to Prove Identity or Integrity

Email lacks built-in:

• Sender validation
• Message integrity
• Proof of authenticity
• Protection against tampering

Even with multi-factor authentication (MFA), email is fundamentally in secure for sensitive communication. Although there are things you can (and should) do to strengthen your email setup, these alone are not enough.

Attackers Systematically Target Conveyancers

They know:

• When settlement occurs
• How contracts flow
• What typical instructions look like
• Who the buyer and seller are

The fraud is often invisible until it’s too late.

Microsoft 365 and Google Workspace are not Secure by Default

Many firms assume that Microsoft 365 (for example) handles everything, but out-of-the-box settings leave gaps:

• Weak MFA restrictions
• No conditional access
• No email authentication enforcement
• No email encryption
• No anti-spoofing protections

Realistic Alternatives Conveyancers Should be Using

Secure Transaction Portals

These provide:

• MFA access
• Encrypted document sharing
• Secure bank detail exchange
• Logging and audit trails

Encrypted Secure Messaging Platforms

Ensure that communication with your clients is secure and safe from prying eyes to guard against message interception and attackers knowing the transaction details listed above. Some conveyancing CRMs and practice management systems support secure client messaging. Make certain that yours does, and that you’re using it – or at least that you’re using an alternative secure and encrypted messaging platform otherwise.

Protected File Vaults for ID Documents

Sensitive documents should be shared via secure storage only. There are multiple options here, ranging from carefully configured SharePoint / OneDrive folders right through to third party Data Rooms.

Email Hardening Every Conveyancer Should Implement

If email must be used for any communications (and let’s face it – it’s not going away any time soon), it should be hardened properly:

• Enable MFA enforcement across the entire tenant
• Add SPF, DKIM, and DMARC with “reject” policy
• Enable Client Rules Forwarding Alerts
• Block legacy authentication
• Restrict access to Australian IP ranges
• Deploy an email security gateway
• Train staff to verify bank details via voice, never email

Upcoming AML/CTF Changes Make all This Even More Critical

Regulatory expectations are set to shift sharply in 2026. Conveyancers will be expected to prove:

• Email integrity
• Record protection
• Secure handling of ID and financial data
• Regular, secure, immutable backups

Final Thoughts

The cost of upgrading email security is tiny compared to the risk of a single compromised settlement. Conveyancers who modernise now are not only protecting clients – they’re protecting their own licences and reputations.

All of this, and many of the impending AML/CTF obligations, can be met or facilitated by the right IT setup.

We offer a free Email Security Scorecard for conveyancers, including DMARC checks and account security analysis. Contact us to find out more.