Client details leaked, scam emails follow
Real estate classifieds business Domain has announced that it has been hit by a cyber attack. Domain is wanting users to watch for suspicious emails purporting to be from rental agents offering property deals.
The cyber attack allowed hackers to access personal information, including email addresses and phone numbers, according to a report by The Australian Financial Review.
Domain became aware of suspicious activity thanks to collaboration with other property companies. Other companies have also needed to send warnings to their customers, AFR reported.
Domain sources told the publication that only a small number of users had engaged with the emails, and no one had reported paying the deposit sought by the scammers.
The phishing email has been sent to a number of Domain users. It purports to be from a rental agent or agency, and tells recipients that they inquired for a property and could secure the rental by paying a deposit. However, the emails are not actually coming from the agent that listed the property.
“We have identified a scam that used a phishing attack to gain access to Domain’s administrative systems to engage with people who have made rental property inquiries,” Domain chief executive Jason Pellegrino told AFR. “We understand the scammers then contacted some of these people by email to suggest that they pay a ‘deposit’ to secure a rental property on a website nominated by the scammer. While this is a serious matter, at this point our investigation shows only a small number of people may have engaged with the scam. Clearly, people are becoming more aware of how to spot suspicious online behaviour and taking proactive measures not to engage in such activity.”
Read next: ‘Only a matter of time’ until a major cyber attack hits banks – APRA
Sources told AFR that a small number of consumers had reached out to Domain rival REA Group about the scam, but the inquiries were not made through the REA portal.
“Our ongoing investigation does not show any evidence that inquiries made through REA’s portal have been compromised through this phishing scam,” an REA spokesperson said.
Media company Nine, which owns 60% of Domain and publishes AFR, was hit by a cyber attack in March. The attack crippled some of the company’s operations.
LinkedIn | Email