Domain, one of Australia’s leading property market platforms, has fallen victim to a cyber attack. Cybercriminals contacted website visitors, asking them to pay a deposit to secure their rental applications.
The threat actors penetrated the Australian business's ecosystem through a phishing attack - where sensitive information is stolen through malicious links within seemingly innocuous emails or websites.
Domain CEO, Jason Pellegrino, warned that the threat actors may have also accessed the personal information of Domain users.
“There is a risk that some of your personal information may have been accessed by an unauthorized third party that has obtained access to Domain’s systems as a result of a scam targeting one of our systems,” Jason said.
The number of victims still under investigation. They may also be targeted by phishing attacks which will continue the pernicious attack cycle.
To prevent this, victims should be wary of any emails received from businesses or legal entities and, ideally, avoid engaging with them. Instead, their legitimacy should be confirmed either by calling the sender via their official phone line or by composing a new email - although caution should still be taken in case the sender’s domain is hijacked.
Phishing attacks are growing in prevalence because they work. With the right amount of emotional manipulation, any human can be tricked into interacting with malicious links, especially if an email seems like the perfect solution to a desperate problem. This is why Covid-themed phishing emails have spiked in recent months.
According to an IBM security intelligence index report, human error was a major contributing cause of 95% of studied breaches. This could be due to ignorance of common cybercriminal tactics.
Increased cyber threat awareness training in the workplace, coupled with monitoring solutions that remediate security vulnerabilities, could be the key to finally reducing the success rate of phishing attacks.