Scammers used phishing attacks to gain access to the company’s admin portal and then engaged with people who have contacted the company about property rental. The scammers then tried to dupe those individuals into making a monetary deposit.
Domain Group, an Australian digital real estate company, has confirmed a phishing attack:
“We have identified a scam that used a phishing attack to gain access to Domain’s administrative systems to engage with people who have made rental property enquiries,” the company’s CEO Jason Pellegrino said in a statement to ZDNet.
“We understand the scammers then contacted some of these people by email to suggest that they pay a ‘deposit’ to secure a rental property on a website nominated by the scammer.”
Domain said that its investigation showed that only some people have engaged with the scammers which they explain by an overall raised awareness about online scams.
“Clearly people are becoming more aware of how to spot suspicious online behavior and taking protective measures not to engage in such activity,” Pellegrino added.
“Unfortunately, since Covid, scams like these have been on the rise. It is disappointing for us to find out that after such a challenging past twelve months for many of us, some see this as an opportunity to take advantage of others.”
Domain has implemented certain additional security controls and expanded its monitoring to prevent such attacks in the future.
“We continue to implement further ways to identify and prevent phishing and have engaged external security consultants to provide further expertise in the management and prevention of online scams,” he said.
Earlier this year, Domain Group’s parent company Nine Entertainment Co was hit by a cyberattack that had forced it to shut down systems. Domain said the latest attack has no relation to the one that hit Nine Entertainment Co.