ASIC ‘business name renewal’ email scam targets Aussie businesses

Posted by Daniel McShanag on 18 September 2017 15:00:14 AEST

Cybercriminals are targeting Australian business inboxes with a very large run of scam emails today, purporting to be from ‘ASIC Messaging Service.’

MailGuard began blocking the very large run of emails at 08:16AM AEST today.

ASIC_180917_masked.png

The well-crafted emails could easily catch-out businesses who don’t think twice before clicking. The display name ‘ASIC Messaging Service’ and sending email ‘asic.transaction.no-reply @ ato.gov.autsl.com’ may resemble legitimate credentials, however the ‘autsl.com’ domain was only registered yesterday with a registrar in China.

Unlike other email scams, this email is also well authored with very few spelling or grammatical errors, which are the typical tell-tale signs of a scam.

The attack tells recipients their business name is due for renewal, and directs them to click a link to download their renewal notice.

But the attachment links to a .zip archive file, which contains a malicious JavaScript file. Opening Notification_1-BYH7K31.zip_120[9].png

The link in the email prompts users to download a .ZIP file which contains a malicious JavaScript file. The downloaded file seeks to steal the users private credentials from local internet browsers, and installs itself for autorun at Windows startup.

What to look for

  • The email appears to be from ‘ASIC Messaging Service’, and is sent from the domain transaction.no-reply @ ato.gov.autsl.com’
  • The domain was registered yesterday in China
  • The subject line is ‘Renewal’
  • The well-formatted message contains ASIC branding and government coat of arms
  • It lacks personalisation
  • The email provides details on how to renew a business name, and tells recipients they can pay for the fake renewal by credit card or by requesting an invoice. The payment tips are just part of the scam; the cybercriminals want victims to download the malicious attachment rather than to open their wallets.
  • The email is signed off by ‘Alicia Bellatuono, Senior Executive Leader, Registry’. No employee by that name appears to exist at ASIC.

ASIC is regularly mimicked by cybercriminals. Similar scams targeted Australian inboxes in JanuaryMarch, May, and July.

MailGuard urges Australians to hesitate before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep Informed with Weekly Updates

 

^ Back to Top

Topics: Malware email scam Cybersecurity cybercrime Survivingcybercrime cybercrime statistics hoax email brandjacking Australian brands

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all