Jaclyn McRae, 29 May 2017 12:55:09 AEST

Scammers impersonate government agency in new malware attack

A domain set up just yesterday is being used to impersonate ASIC via email to infect Australian computers with malware.

The email blast began this morning and is still under way, with tens of thousands of copies already distributed. It contains a link to a malicious file capable of compromising a computer or system.

Purporting to be from ‘ASIC Messaging Service’, the letter tells recipients to click a link to see a ‘company renewal’ letter. Instead, the link triggers the download of a malicious file.

The scam originates from the domain ‘australiangovernments.com’, set up yesterday via a registrar based in Hong Kong.

It’s not the first time ASIC has been falsely represented by scammers. In early March a similarly large distribution of fake ASIC emails hit inboxes. In late January ASIC was again mimicked by cybercriminals.

While the new attack contains ASIC branding, it doesn’t address recipients by name or contain any information about the company name that supposedly needs renewal.

It’s signed off by Ashley Hughes, apparently Senior Executive Leader at the government agency. However, no staff member by that name appears to exist at ASIC.

Those who click the link inadvertently download a malicious JavaScript file housed within a zip file on a compromised SharePoint site.

The scammers have taken steps to evade detection, setting up their domain with SPF, DKIM and reverse DNS to avoid common anti-spam checks.
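As an added example (not code from the original article or from MailGuard), the sketch below shows why a message that passes SPF and DKIM can still be an impersonation: it pairs the authentication verdict with a display-name check and a domain-age check. The sample message, the `noreply` local part, `mx.example.com`, the brand allow-list and the 30-day threshold are constructed assumptions; the registration date follows from the article's "set up yesterday".

```python
from datetime import date
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the campaign above; not a captured message.
SAMPLE = """\
From: ASIC Messaging Service <noreply@australiangovernments.com>
To: recipient@example.com
Subject: Renewal letter
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=australiangovernments.com; dkim=pass header.d=australiangovernments.com

Click the link to view your company renewal letter.
"""

# Assumption: brand keyword -> domains the real organisation sends mail from.
BRAND_DOMAINS = {"asic": {"asic.gov.au"}}
# Assumption: registration dates would come from a WHOIS/RDAP feed; fixed here.
REGISTERED = {"australiangovernments.com": date(2017, 5, 28)}
MIN_DOMAIN_AGE_DAYS = 30  # assumed policy threshold

def auth_results(msg):
    """Map each method in Authentication-Results to its verdict, e.g. spf -> pass."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:  # first element is the reporting host
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, result = tokens[0].split("=", 1)
                verdicts[method.lower()] = result.lower()
    return verdicts

def assess(raw, today):
    """Return the authentication verdict alongside impersonation findings."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    domain = addr.rpartition("@")[2].lower()
    auth = auth_results(msg)
    findings = []
    for brand, real in BRAND_DOMAINS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in real)
        if brand in display.lower().split() and not owned:
            findings.append(f"display name claims {brand.upper()}, sender domain is {domain}")
    registered = REGISTERED.get(domain)
    if registered and (today - registered).days < MIN_DOMAIN_AGE_DAYS:
        findings.append(f"{domain} registered {(today - registered).days} day(s) ago")
    authenticated = auth.get("spf") == "pass" and auth.get("dkim") == "pass"
    return {"authenticated": authenticated, "suspicious": bool(findings), "findings": findings}
```

SPF and DKIM only prove that the mail came from the domain it claims; whether that domain belongs to the organisation named in the display name is a separate question.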

While the exact type of malware isn’t clear – it could be anything from a virus to ransomware – malware is generally designed to disrupt, damage or gain control of a computer system or data.

Malware can reformat your hard drive, alter, delete or encrypt files, steal sensitive information, send unauthorised emails, or take control of your computer and all of the software on it.

The real ASIC website warns about scams targeting ASIC customers.

“Scammers pretending to be from ASIC have been contacting Registry customers asking them to pay fees and give personal information to renew their business or company name,” ASIC says.

“These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link.”

Further information: Why email scammers hide behind big names

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network.
