Payload email scam spoofing VicRoads and VCAT circulates

Posted by Akankasha Dewan on 06 December 2018 12:31:07 AEDT

VicRoads and the Victorian Civil and Administrative Tribunal (VCAT) are among the latest victims of brandjacking by cybercriminals. MailGuard intercepted two variations of a payload email scam involving the government bodies on Monday afternoon (AEST).

The emails arrive without a display name and come from what appears to be a compromised SparkPost account.

The first variation of the email scam masquerades as an application to VCAT and appears in two different formats. Within the first format, the body of the email thanks the recipient for submitting an application and directs them to open an attached copy of their application. Here’s a screenshot of this email:

Vicroads Scam 1 edited

Cybercriminals also sent out hoax emails regarding VCAT applications in a second format, shown below:

Vicroads Scam 2 edited

Both emails carry a PDF attachment. Upon opening the PDF, recipients are directed to click on a link to a site that then begins the download of a malicious .zip file, which is designed to infect recipients’ computers.

The second variation of this email scam purports to be from VicRoads and includes the subject "It's time to pay your rego 9823892-129381".

Incorporating the logo and branding of the government agency, the body of the message advises the recipient that their vehicle registration is due to expire soon and that they should renew it. Users are informed that if they do not pay by the due date, their vehicle will be unregistered. They are directed to download an attached ‘certificate of registration’, as per the screenshot below:

Vic Roads email social

Recipients who download the attachment are led to a .zip file containing a malicious .vbs file.

Cybercriminals often impersonate government bodies such as VicRoads because people are more likely to open an email or attachment from an authoritative, trusted organisation. These organisations also deal with large numbers of people every day, which gives the scam a wider pool of potential victims.

MailGuard recommends these steps to avoid being tricked by a fraud email:

  • Check who it was sent by. Examine the sender or reply-to address and check that it hasn’t been sent from a similar, but recently-registered domain such as mailguard.com instead of mailguard.com.au
  • Be alert for strange sentence structure, or phrasing uncommon to the apparent sender
  • Ensure your email security is up to scratch. A cloud-based, AI-based threat detection service such as MailGuard will protect your staff in real-time from targeted attacks, without the dangerous time-lag common with signature-based antivirus vendors.
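
The sender check in the first step, together with the traits described earlier in this post (no display name, a .zip carrying a .vbs file), can be automated when triaging reported messages. The Python sketch below is an added example, not MailGuard's code; the function names, the sample message, its `.example` domains and the brand allow-list are constructed assumptions, and it generalises the case above by inspecting a .zip attached directly to the message.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")

def domain_of(header_value):
    """Return (display name, lowercase domain) of the first address in a header."""
    pairs = getaddresses([str(header_value or "")])
    name, addr = pairs[0] if pairs else ("", "")
    return name.strip(), addr.rpartition("@")[2].lower()

def triage(raw_bytes, brand_domains):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    name, from_dom = domain_of(msg["From"])
    if not name:
        findings.append("no-display-name")
    # Exact match or true subdomain only: mailguard.com must not pass for mailguard.com.au
    if not any(from_dom == d or from_dom.endswith("." + d) for d in brand_domains):
        findings.append("sender-domain-not-brand:" + from_dom)
    if msg["Reply-To"]:
        _, reply_dom = domain_of(msg["Reply-To"])
        if reply_dom != from_dom:
            findings.append("reply-to-mismatch:" + reply_dom)
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if fname.endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    if member.lower().endswith(SCRIPT_EXTS):
                        findings.append("script-in-zip:" + member)
    return findings

def build_sample():
    """Constructed test message; the archive member is an inert one-line comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("certificate_of_registration.vbs", "' inert placeholder")
    msg = EmailMessage()
    msg["From"] = "notify@rego-renewal.example"       # constructed, no display name
    msg["Reply-To"] = "pay@another-host.example"      # constructed
    msg["Subject"] = "It's time to pay your rego 9823892-129381"
    msg.set_content("Your vehicle registration is due to expire soon.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="certificate.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample(), {"vicroads.vic.gov.au"})` returns all four findings; the allow-list entry is an assumed value that each organisation would replace with the domains it actually sends from.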

 

Secure your inbox

Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious emails, like the one above, entering your network. 

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.
