With over 3.4 billion fake emails being sent on a daily basis, it comes to no surprise that phishing is one of the most common methods used by cyber criminals. This time, it’s a housing association that’s been hit by an email phishing cyber attack . . .
The Plentific attack, which resulted in residents receiving phishing emails, was caused after a cyber attack against the housing association’s repairs provider left resident email addresses being accessible.
The attackers posed as Plentific, the repairs company, to defraud residents of money by posing as the legitimate business. L&Q, Notting Hill Genesis, Peabody and Penge Churches Housing Association have all been forced to alert targeted residents of the potential scam emails.
What Happened?
Plentific, the PropTech company that runs a platform for connecting local repairs and maintenance contractors with housing associations and residents, has been a growing platform in the property space in the last few years. Large housing associations and property managers are users of the platform, which oversees over 350,000 properties in the UK, US and Germany.
The company detected unauthorised access to its systems and discovered the email addresses of some residents had been accessed. Emails were then sent out to these resident email addresses, posing as Plentific, and asking for the transfer of digital currency to pay for needed repairs.
Plentific hasn’t disclosed how many residents were impacted, but they have confirmed that it wasn’t all client or tenant data that had been affected. The company also said it took immediate remediation action and informed all potentially impacted parties as soon as possible, as well as taking multiple steps to prevent further criminal activity. These steps included engaging with a third-party cyber specialist and privacy experts.
In the aftermath of the attack, which highlights the dangers of phishing emails to all sectors, Plentific has continued to operate and monitor its systems, finding no further evidence of unauthorised access or malicious activity.
The Impact
Following the attack, all affected landlords have informed the Information Commissioner’s Office (ICO) and the Regulator of Social Housing. All affected residents have also been provided support and advice.
Fortunately, the housing associations have said that the vast majority of the phishing emails landed in the resident’s spam folders due to the email containing the word ‘bitcoin’ within the body text. It is so far unclear how many, if any, residents actually parted with money.
In light of the attack, L&Q has suspended all of its new work with Plentific until a full investigation into the attack has happened. However, this serves as a reminder for both businesses and consumers to watch out for phishing emails, particularly those appearing as brands or companies that are trusted and known.