Jaclyn McRae, 06 March 2017 11:48:46 AEDT

Alert: Ransomware hidden in fake ASIC renewal notice

Australians have been warned to avoid clicking a malicious email purporting to be from ASIC.

The email was distributed to tens of thousands of addresses just as people arrived at work this morning. It’s one of the largest-scale fraud email inundations seen by MailGuard in recent times.

Claiming to be from the Australian Securities and Investments Commission, the message downloads a file-encryption script, of the kind most commonly seen in ransomware, to the computers of those who click its links.

While the email purports to be from ‘ASIC Messaging Service’, it was sent from a new domain registered just today in China. It tells recipients their company name needs to be renewed and instructs them to click a link to do so.

Those curious enough to click the link open a malware downloader stored within a JavaScript file, which paves the way for ransomware to be executed remotely.

Suspicious signs

The email contains the government coat of arms and ASIC logo and appears to contain a fake email signature attributed to ‘Max Morgan, Senior Executive Leader’ at ASIC. No such employee appears to exist at the commission.


In other warning signs, the correspondence is general in nature and doesn’t address recipients by name. The domain name, asic-gov-au.co, differs from the real ASIC domain: asic.gov.au.
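A mail filter can test for this kind of sender automatically. The sketch below is an added example, not MailGuard's or ASIC's code: it flags a From header whose domain embeds a protected domain's labels (as asic-gov-au.co does with asic.gov.au) or whose display name uses the protected brand from a non-genuine domain. The `PROTECTED` table, the function names, and the sample's local part and subject are assumptions made for illustration.

```python
"""Flag sender domains that imitate a protected domain (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: protected domain -> brand words expected in a spoofed display name.
PROTECTED = {"asic.gov.au": ("asic",)}


def _labels(domain):
    # Treat '-' and '.' alike so "asic-gov-au.co" exposes its embedded labels.
    return [p for p in domain.lower().replace("-", ".").split(".") if p]


def is_genuine(domain, real):
    """True for the protected domain itself or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return domain == real or domain.endswith("." + real)


def is_lookalike(domain, real):
    """True if `real`'s labels appear in order inside a non-genuine domain."""
    if is_genuine(domain, real):
        return False
    have, want = _labels(domain), _labels(real)
    return any(have[i:i + len(want)] == want
               for i in range(len(have) - len(want) + 1))


def assess_sender(raw_message):
    """Return a sorted list of findings for the message's From header."""
    display, addr = parseaddr(message_from_string(raw_message)["From"] or "")
    domain = addr.rpartition("@")[2]
    words = re.findall(r"[a-z0-9]+", display.lower())
    findings = set()
    for real, brands in PROTECTED.items():
        if is_lookalike(domain, real):
            findings.add(f"lookalike-domain:{real}")
        if any(b in words for b in brands) and not is_genuine(domain, real):
            findings.add(f"display-name-mismatch:{real}")
    return sorted(findings)


# Constructed sample: only the display name and domain come from the article;
# the local part and subject are made up.
SAMPLE = ('From: "ASIC Messaging Service" <noreply@asic-gov-au.co>\n'
          "Subject: Renewal notice (constructed)\n\nbody omitted\n")

if __name__ == "__main__":
    print(assess_sender(SAMPLE))
```

The label comparison does not cover homoglyph or internationalised-domain tricks, which need a separate check.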

The cybercriminals behind the scam advise recipients that if their business name no longer needs to be registered, they need to email bncancel@asic.gov.au, which is the real cancellation address provided by ASIC.

This is the second large-scale fraud email purporting to be from ASIC in recent times. MailGuard identified a similar scam in late January: http://www.mailguard.com.au/blog/dont-click-cybercriminals-impersonate-asic-to-distribute-malware

Advice from ASIC on avoiding scams

ASIC’s website says scammers have recently been contacting registry customers, asking them to pay fees and give personal information to renew their business or company name.

“These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link,” the ASIC website says.

The site offers this advice for avoiding email scams:

  • Keep your anti-virus software up to date
  • Be wary of emails that don't address you by name or misspell your details and have unknown attachments
  • Don't click any links on a suspicious email.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network.
