An elaborate phishing scam targets rental applicants
An elaborate phishing scam has left Australian rental applicants out of pocket, after real estate listing portal, Domain, was hit by a cyber attack.
Domain CEO Jason Pellegrino confirmed in a statement that an unauthorised third party had gained access to the site’s administrative systems.
This resulted in some users who had made rental enquiries being contacted by the scammers via email with requests to pay a deposit to secure their desired property.
“We have identified a scam that used a phishing attack to gain access to Domain’s administrative systems to engage with people who have made rental property enquiries,” Pellegrino said.
“We understand the scammers then contacted some of these people by email to suggest that they pay a ‘deposit’ to secure a rental property on a website nominated by the scammer.
“While this is a serious matter, at this point our investigation shows only a small number of people may have engaged with the scam.
“Clearly, people are becoming more aware of how to spot suspicious online behaviour and taking protective measures not to engage in such activity.
“Unfortunately, since COVID, scams like these have been on the rise. It is disappointing for us to find out that after such a challenging past twelve months for many of us, some see this as an opportunity to take advantage of others.”
Since the incident, Pellegrino said Domain had implemented “several additional security controls” and had “elevated our level of monitoring even further”.
“We continue to implement further ways to identify and prevent phishing and have engaged external security consultants to provide further expertise in the management and prevention of online scams,” he said.
Phishing scams attempt to trick individuals into sharing personal information such as bank account numbers, passwords, and credit card numbers with scammers.
According to the Australian Competition & Consumer Commission’s ScamWatcch, $227,872 had been lost to 4460 scams in April alone.