Housing portal Domain is warning clients to be careful when securing rental properties on its website after a cyber-attack allowed an unauthorised third party to access personal information and demand deposits.

“We have identified a scam that used a phishing attack to gain access to Domain’s administrative systems to engage with people who have made rental property enquiries,” the Sydney Morning Herald newspaper quoted CEO Jason Pellegrino saying in an email sent to the website’s users.

“We understand the scammers then contacted some of these people by email to suggest that they pay a ‘deposit’ to secure a rental property on a website nominated by the scammer. Importantly, we have had no reports made by an individual directly to Domain who had fallen for the scam.”

However, he cautioned clients there is a risk some of their personal information, such as phone numbers and email addresses, may have been accessed by the hacker. It is unclear how many users were affected, he added.

“We appreciate this can be concerning information to hear, and we are sorry for any stress or negative impact this causes you,” he said.

Pellegrino also stated that the company had security measures in place at the time of the attack and has implemented further measures to prevent damage.

“Unfortunately, since Covid scams like these have been on the rise. It is disappointing for us to find out that after such a challenging past twelve months for many of us some see this as an opportunity to take advantage of others,” he added.

Domain has contacted the Australian Information Commissioner and other relevant authorities about the scam.