Daniel McShanag 18 September 2017 15:00:14 AEST

ASIC ‘business name renewal’ email scam targets Aussie businesses

Cybercriminals are targeting Australian business inboxes with a very large run of scam emails today, purporting to be from ‘ASIC Messaging Service.’

MailGuard began blocking the very large run of emails at 08:16AM AEST today.


The well-crafted emails could easily catch out businesses that don’t think twice before clicking. The display name ‘ASIC Messaging Service’ and sending email address ‘asic.transaction.no-reply @ ato.gov.autsl.com’ may resemble legitimate credentials; however, the ‘autsl.com’ domain was only registered yesterday with a registrar in China.

Unlike other email scams, this email is also well authored with very few spelling or grammatical errors, which are the typical tell-tale signs of a scam.

The attack tells recipients their business name is due for renewal, and directs them to click a link to download their renewal notice.

But the attachment links to a .zip archive file, which contains a malicious JavaScript file.

The link in the email prompts users to download a .ZIP file which contains a malicious JavaScript file. The downloaded file seeks to steal the user’s private credentials from local internet browsers, and installs itself for autorun at Windows startup.

What to look for

  • The email appears to be from ‘ASIC Messaging Service’, and is sent from the address ‘transaction.no-reply @ ato.gov.autsl.com’
  • The domain was registered yesterday in China
  • The subject line is ‘Renewal’
  • The well-formatted message contains ASIC branding and government coat of arms
  • It lacks personalisation
  • The email provides details on how to renew a business name, and tells recipients they can pay for the fake renewal by credit card or by requesting an invoice. The payment tips are just part of the scam; the cybercriminals want victims to download the malicious attachment rather than to open their wallets.
  • The email is signed off by ‘Alicia Bellatuono, Senior Executive Leader, Registry’. No employee by that name appears to exist at ASIC.
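
The sender and link indicators above can be checked mechanically. The following Python sketch is an added example, not MailGuard's detection logic: it flags a sender domain that embeds a government name without actually belonging to it, a display name that does not match the sending domain, and a link to a .zip file. The trusted-domain list, the sample message and its `example.invalid` URL are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the organisation treats as genuine for this sender.
TRUSTED_SUFFIXES = ("asic.gov.au", "ato.gov.au")

# Constructed sample modelled on the indicators listed above.
SAMPLE = """\
From: ASIC Messaging Service <asic.transaction.no-reply@ato.gov.autsl.com>
Subject: Renewal
Content-Type: text/plain

Your business name is due for renewal.
Download your renewal notice: http://example.invalid/Notification.zip
"""

def domain_is_trusted(domain):
    """True only when the domain equals, or is a subdomain of, a trusted suffix."""
    domain = domain.lower().rstrip(".")
    return any(domain == s or domain.endswith("." + s) for s in TRUSTED_SUFFIXES)

def embeds_trusted_name(domain):
    """True when a trusted name appears inside an untrusted hostname."""
    domain = domain.lower()
    return not domain_is_trusted(domain) and any(s in domain for s in TRUSTED_SUFFIXES)

def assess(raw):
    """Return the list of indicator names found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    findings = []
    if embeds_trusted_name(domain):
        findings.append("lookalike-sender-domain")
    if "asic" in display.lower() and not domain_is_trusted(domain):
        findings.append("display-name-mismatch")
    for url in re.findall(r"https?://\S+", msg.get_payload()):
        if urlparse(url).path.lower().endswith(".zip"):
            findings.append("link-to-zip")
            break
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The suffix comparison is the important part: ‘ato.gov.autsl.com’ contains the string ‘ato.gov.au’ but ends in ‘autsl.com’, so a substring match alone would wrongly accept it.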

ASIC is regularly mimicked by cybercriminals. Similar scams targeted Australian inboxes in January, March, May, and July.

MailGuard urges Australians to hesitate before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.
