Stolen ID possible in elaborate government email scam

Posted by Jaclyn McRae on 19 April 2017 13:02:29 AEST

A stolen ID may have been used to set up an elaborate ASIC email scam designed to infect victims’ systems with malware.

Sent out to Australian businesses this morning, the email contains a JavaScript dropper. This type of malicious software is designed to install malware on victims’ computer systems.

Two separate reports indicate the dropper is likely to download a trojan or ransomware, according to experts from the MailGuard cybersecurity team.

The zero-day email appears to come from Australian Securities and Investment Commission (ASIC) and claims to contain a company name renewal letter.

ASIC fake ID malware email April 19 MAILGUARD2.jpg

But instead of coming from the legitimate ASIC site,, it is sent from a newly-created domain, which was registered in China.

Chinese authorities are strict about domain registration requirements, and anyone who wants to register a new domain requires an ID scan. This creates a high likelihood that a stolen ID was used by cybercriminals to set up the scam.

The domain is backed by a legitimate email infrastructure in order to trick email servers into accepting the fraudulent emails.

But those who follow the instructions and click the ‘Renewal letter’ link – likely persuaded by the government branding and professional-looking formatting – are instantly at risk of malware.


The email contains the signature of Alexander Ward, purportedly a Senior Executive Leader at ASIC, but nobody matching that description appears to work at ASIC.

Fraud emails targeting Australians have been circulating in high volume over the past week, with separate well-designed scams impersonating MYOB and myGov recently.

MailGuard’s cybersecurity experts have also seen a proliferation of malware hosted on unsuspecting corporate entities’ SharePoint accounts recently.

Advice from ASIC on avoiding scams

ASIC’s website says recently scammers have been contacting registry customers asking them to pay fees and give personal information to renew their business or company name.

“These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link,” the ASIC website says.

The site offers this advice for avoiding email scams:

  • Keep your antivirus software up to date
  • Be wary of emails that don't address you by name or misspell your details and have unknown attachments
  • Don't click any links on a suspicious email.

MailGuard recommends these steps to avoid being tricked by a fraud email:

  • Check who it was sent by. Examine the sender or reply-to address and check that it hasn’t been sent from a similar, but recently-registered domain such as instead of
  • Beware of links in emails. Before you click anything, take a closer look by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.
  • Be aware that a reputable company or organisation will never use an email to request personal information. If you think there is a possibility it may be legitimate, type the real URL into your browser or contact the company directly.
  • Be alert for strange sentence structure, or phrasing uncommon to the apparent sender
  • Ensure your email security is up to scratch. A cloud-based, AI-based threat detection service such as MailGuard will protect your staff in real-time from targeted attacks, without the dangerous time-lag common with signature-based antivirus vendors.

Click here to download your free executive guide, Surviving the Rise of Cybercrime, by MailGuard CEO and founder Craig McDonald.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Cybersecurity cybercrime ASIC fake ASIC renewal notice ASIC scam

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all