MailGuard has intercepted a new email scam that impersonates the Australian Securities and Investments Commission (ASIC) in a calculated attempt to deceive Australian businesses.
The fraudulent email presents itself as a legitimate notification from ASIC, alleging that your company is under investigation for financial reporting non-compliance. The email urges recipients to respond before 5:00 PM on the same day and includes a link to a supposed “legal portal” to review the case file.
Here’s what the scam looks like:
The sender’s name is spoofed to appear as “ASIC Investigation”, but the display and sending email addresses (e.g., samarthtrehan(at)thehdfcschoolggn(dot)com, htlhlew001(at)mymail(dot)sim(dot)edu(dot)sg) are clearly unrelated to ASIC. The scam plays on urgency and authority to pressure recipients into clicking through.
Clicking the “VIEW LEGAL FILE” link leads to a convincing fake document portal, hosted on a domain like goodydoc(dot)vercel(dot)app — a clear red flag.
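The two indicators described above (a display name claiming to be ASIC on an unrelated sending domain, and a link hosted on a free hosting platform) can be checked mechanically. The following is an added example, not MailGuard's detection logic; the keyword list, the domain allow-list, the hosting-suffix list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example (not from MailGuard): the brand keyword, the
# domains treated as genuinely ASIC, and the free-hosting suffix list.
BRAND_KEYWORDS = ("asic",)
BRAND_DOMAINS = ("asic.gov.au",)
FREE_HOSTING_SUFFIXES = ("vercel.app",)

def _under(host, domains):
    """True if host equals, or is a subdomain of, any domain in domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    claims_brand = any(re.search(rf"\b{k}\b", display, re.I) for k in BRAND_KEYWORDS)
    if claims_brand and not _under(sender_domain, BRAND_DOMAINS):
        findings.append(f"display name '{display}' does not match sender domain {sender_domain}")
    body = msg.get_payload()
    for url in re.findall(r"https?://[^\s\"'<>]+", body if isinstance(body, str) else ""):
        host = urlparse(url).hostname or ""
        if _under(host, FREE_HOSTING_SUFFIXES):
            findings.append(f"link on free hosting platform: {host}")
        elif claims_brand and not _under(host, BRAND_DOMAINS):
            findings.append(f"link outside brand domains: {host}")
    return findings

# Constructed sample message (addresses and URL are made up for the example).
SAMPLE = """From: "ASIC Investigation" <accounts@school.example>
To: finance@business.example
Subject: Notice of investigation

Respond before 5:00 PM today. VIEW LEGAL FILE: https://constructed-sample.vercel.app/case
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The check only reads the From header and a plain-text body; multipart or HTML messages would need their parts walked before the URL scan.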
The scam operates as follows:
Page 1 – Asks you to verify your email address.
Page 2 – Requests your password and prompts for it multiple times, likely as a way to validate the credentials and rule out common typos. Failed-password messages force users to re-enter their details to confirm that they haven't inadvertently made an error.
Page 3 – Redirects you to a legitimate Microsoft OneDrive page, masking the data theft.
This multi-step phishing flow is designed to harvest your email credentials and use them for further compromise—such as lateral phishing attacks, business email compromise (BEC), or unauthorized access to sensitive data.
Scams like this one demonstrate how cybercriminals continue to exploit trust in government institutions and leverage timing pressure to create a false sense of urgency.
These types of phishing attacks:
MailGuard’s real-time, AI/ML-driven threat filtering successfully intercepted this threat—before it reached inboxes.
Stay Safe - Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late.
Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist, 'zero zero-day' email security. Special Ops for when speed matters! Our real-time, 'zero zero-day' email threat detection amplifies our clients' intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.