Domain Group Victim of Phishing Attack
Australia’s second-largest real estate marketing business, Domain Group, has confirmed their platform fell victim to a cyberattack. “We have identified a scam that used a phishing attack to gain access to Domain’s administrative systems to engage with people who have made rental property enquiries,” the company’s CEO Jason Pellegrino said, as first reported by the Sydney Morning Herald. According to Pellegrino, the scammers contacted some of these people by email. In the email, they asked for a “deposit” to secure a rental property on a website nominated by the scammer. Except for inner-city units in Sydney and Melbourne, the rental market remains tight in Australia. Especially in Darwin and Perth. In these two remote cities, both house and unit rentals are recording double-digit annual growth.
Only Small Number Engaged with the Scam
Domain emphasized that the attack is a serious matter. But that, at this point, its investigation showed that only a small number of people may have engaged with the scam. “Clearly people are becoming more aware of how to spot suspicious online behavior and taking protective measures not to engage in such activity,” Pellegrino added. Nonetheless, the scammers now have access to people’s personal information, including their first name, surname, email address, postcode, phone number, details of their inquiries and properties they looked at. The scammers may use this information for subsequent scams. Or they might try to commit WhatsApp fraud or identity theft, for example
Domain to Boost Security
Domain reported the breach to the Australian Information Commissioner and other relevant authorities. Pellegrino confirmed that, at the time of the attack, they had security measures in place. And that they have now implemented several additional measures to prevent further damage. Moreover, hired external security consultants will provide Domain with further guidance on how the management and prevention of online scams. “Unfortunately, since Covid, scams like these have been on the rise. It is disappointing for us to find out that after such a challenging past twelve months for many of us, some see this as an opportunity to take advantage of others,” concluded Pellegrino. Working from home has also come with a number of extra cybersecurity risks.
Parent Company Victim of Cyberattack Earlier this Year
Nine Entertainment, Domain’s parent company, was recently at the center of the largest cyberattack on a media company in Australia’s history. In the last week of March, a cybersecurity incident halted live programming for more than 24 hours and forced all staff to work from home. In the attempt to stop the attack, Nine’s publishing arm, including newspapers such as the Age and the Sydney morning Herald, were also affected. Domain claims that this weeks’ incident was not related to the one experienced by Nine at the end of March. Experts later said that the cyberattack launched against Nine had all the traits of a ransomware attack. The lack of demands, however, suggests the attackers were after sensitive information. Or that they, for whatever reason, just wanted to disrupt Nine Entertainment’s services. https://www.youtube-nocookie.com/embed/QXaG1Sltq_g
