E-Toll Account statements are linking to malicious downloads

Posted by Akankasha Dewan on 12 October 2018 11:19:04 AEDT

NSW Roads and Maritime Services becomes another victim of brandjacking by cybercriminals. 2 variants of hoax emails supposedly sent by the government agency arrived in inboxes yesterday.

Using the display name "NSW Roads and Maritime", the first email informed recipients that their E-Toll account statements are attached. The email also included a link to view the attached statements.

Roads blog

Recipients who unsuspectingly click on the link are led to a malicious file download, which is designed to infect their computers.

MailGuard discovered the message actually comes from a compromised MailChimp account. The owner can be seen in the bottom of the email sample (Varsity College NSW).

The second variant of the email scam was sent late last night, from yet another compromised MailChimp account.

This time, however, the sender’s display name simply stated ‘E-Toll’, and included an account statement supposedly from ‘Australia ROADS AND MARITIME’.

The link to view the attached statement also led to a malicious file download.

Screenshot from 2018-10-12 10-55-52 (003) 

How can I protect myself from these types of email scams?

  • Check who it was sent by. Examine the sender or reply-to address and check that it hasn’t been sent from a similar, but recently-registered domain.
  • Be alert for strange sentence structure, or phrasing uncommon to the apparent sender.
  • Never sidestep formal processes for payments. If in doubt, ring the apparent sender. If they’re not available, wait until they are. A funds transfer is better to arrive later than to be lost without a trace to an overseas cybercriminal.
  • Implement scam-proof approvals processes for financial transfers such as two-factor authentication, which requires two employees to sign off on wire transfers
  • Education is imperative. Teach staff and employees what fraudulent emails look like. 
  • Ensure your email security is up to scratch. A cloud-based, threat detection service such as MailGuard will protect your staff in real-time from targeted attacks, without the dangerous time-lag common with signature-based antivirus vendors.


Click here to download your free executive guide, Surviving the Rise of Cybercrime, by MailGuard CEO and founder Craig McDonald.


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Malware Cybersecurity cybercrime ZeroDay eTicketScam fastbreak

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all