People asking about rental properties on the Domain website have been warned about scammers potentially getting access to their personal details, including name, phone number and postcode.
Domain sent an email to users who recently inquired about rental properties to tell them some of their “personal information may have been accessed by an unauthorised third party”.
“This may include your first name and surname, email address, postcode, details of your enquiry (e.g. any text in the enquiry box field and the time of your enquiry), details of the property you enquired about (e.g. address, rental amount), and phone number (if provided),” the email read.
The phishing attack also saw a number of users asked to pay a “deposit” to get approved for a rental property on another website nominated by the scammer.
Domain chief executive Jason Pellegrino said no one had told the company that they had fallen for the scam and “only a small number of people” had even engaged with it, according to an investigation.
“Clearly, people are becoming more aware of how to spot suspicious online behaviour and taking protective measures not to engage in such activity,” Mr Pellegrino said in a statement.
“Unfortunately, since COVID, scams like these have been on the rise.
“It is disappointing for us to find out that after such a challenging past 12 months for many of us, some see this as an opportunity to take advantage of others.”
Domain said since learning about the cyber attack, security protocols had been strengthened and the Office of the Australian Information Commissioner had been notified.
Mr Pellegrino also said the company had spoken to external security consultants to try to bolster Domain’s protections.
“We appreciate this can be concerning information to hear, and we are sorry for any stress or negative impact this causes you,” the email read.