Phishing Attack Has Targeted Domain Group Site Users
A Scam that Used a Phishing Attack to Gain Access to Domain’s Administrative Systems Was Identified.
Domain Group, an Australian digital real estate business, confirmed that its platform was the victim of a phishing attack.
Phishing is a malicious technique used by cybercriminals to gather sensitive information (credit card data, usernames and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. The data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim and more.
Domain Group is 65% owned by Nine Entertainment Co as a result of the Fairfax-Nine merge, and as you may remember Nine had its services disrupted earlier this year as a result of a cyber-attack forcing the station to go off the air at that time.
The technology that brings you 9 News every night is under attack by hackers.
— 9News Australia (@9NewsAUS) March 28, 2021
Even if the companies are from the same family, Domain declared that the latest incident was not related to the one experienced by Nine.
We have identified a scam that used a phishing attack to gain access to Domain’s administrative systems to engage with people who have made rental property inquiries.
We understand the scammers then contacted some of these people by email to suggest that they pay a ‘deposit’ to secure a rental property on a website nominated by the scammer.
Domain declared that the attack is a serious matter, but fortunately, at this point, the investigation showed that only a small number of people may have engaged with the scam.
Clearly, people are becoming more aware of how to spot suspicious online behavior and taking protective measures not to engage in such activity.
Unfortunately, since Covid, scams like these have been on the rise. It is disappointing for us to find out that after such a challenging past twelve months for many of us, some see this as an opportunity to take advantage of others.
The CEO of Domain declared that since finding out about the scam, the company has put in place a few extra additional security controls, therefore increasing its level of monitoring even further.
We continue to implement further ways to identify and prevent phishing and have engaged external security consultants to provide further expertise in the management and prevention of online scams.
Another cyberattack took place in New Zealand, where Waikato District Health Board has been working to get its systems back online, after it experienced a full outage of its information services, in what seems to be a ransomware attack, in which the head of Waikato DHB decided that “no ransom will be paid” to cybercriminals.
Waikato DHB said that it’s making “good progress” on restoring the infected systems and on the remediation process.
We are currently working with other government departments to investigate the cause, but are working on the theory that the initial incursion was via an email attachment. A forensic investigation is ongoing.
The ransomware attack meant that all services across Waikato, Thames, Te Kūiti, Tokoroa, and Taumarunui hospitals have been impacted as a result, with the Waikato Hospital, having to defer some elective surgeries, while the number of outpatient clinics has been reduced.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;