How to Spot the Go Via Invoice Scam

Posted by Emmanuel Marshall on 20 December 2017 17:30:00 AEDT

There’s a new email scam out today linking to a fake Go Via invoice. MailGuard detected this email attack mid-morning today. At the time MailGuard intercepted this email, no other security vendors were detecting it.As you can see in the screenshot above, this scam email advises the recipient that their ‘invoice statement’ is ‘available for download.’ The download link goes to .zip archive on a compromised SharePoint account. This archived folder contains a malware payload, so the intention of this attack is probably to install a trojan of some kind on victim’s computers.


Go Via is a toll-road billing service based in Brisbane, Australia. The company provides toll payment accounts for motorists.

Like banks and telco’s, toll-road payment companies get more than their fair share of attention from scams. (MailGuard intercepted another scam using CityLink branding last Thursday.)

Go Via fits the profile for the sort of business that scammers like to impersonate, because they have a large customer base, are well trusted, and routinely communicate with their customers through web portals and email.

Go Via has had their business name ripped off by brandjacking scams before and advise their customers to ensure that emails they receive are genuine.

You can see from the screenshot that this particular scam email is not very well designed. The cybercriminals behind the attack have tried to make it look more convincing by using images in the body of the message, but the links haven’t worked properly and the images aren’t visible to the recipient.

Design glitches like missing images are red-flags that indicate an email may be suspicious. Other common indicators of scam emails are:

  • spelling and grammatical mistakes
  • incorrect sender names
  • Impersonal greetings like ‘dear customer’ instead of a specific recipient name

The scammers sending out this email have created a new domain name ‘govian[dot]org - trying to mimic the actual Go Via URL, which is govia[dot]com[dot]au

The govian[dot]org URL was registered on Dec 18 in China and has no connection with the actual Go Via company.


Protect Your Inbox

  • Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious or unfamiliar don’t open them.

  • 9 out of 10 cyber-attacks are delivered via email, so it's essential to have the best email filtering in place to protect your systems. For a few dollars per staff member per month, you can have the peace of mind of MailGuard's comprehensive cloud-based email and web filtering. You’ll significantly reduce the risk of zero-day (previously unknown) threats and stop new variants of malicious email from entering your network.

  • Keep up to date on the latest scams by subscribing to MailGuard updates or follow us on social media. If you’re experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30 



Topics: cybercrime Threat Update go via

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all