Australian business owners have been warned to avoid clicking a malicious email claiming to be from the Australian Securities & Investments Commission (ASIC), with the high-risk message containing hidden ransomware.
The email was distributed to tens of thousands of addresses just as people arrived at work this morning, and has been labeled as one of the largest-scale fraud email inundations seen in recent times.
Claiming to be from ASIC, the message downloads ransomware to the computers of those who click its links.
While the email claims to be from ‘ASIC Messaging Service’, it was sent from a new domain registered just today in China. It advises recipients that their company name needs to be renewed, then instructs them to click a link to do so.
“The link was not being detected as suspicious by any of 64 well-known antivirus engines on Google-owned aggregator VirusTotal when MailGuard intercepted the email this morning.”
According to McDonald, the email contains the government coat of arms and ASIC logo and appears to contain a fake email signature attributed to ‘Max Morgan, Senior Executive Leader’ at ASIC.
“No such employee appears to exist at the commission,” McDonald confirmed.
Among other warning signs, McDonald said, the correspondence is general in nature and doesn’t address recipients by name, while the domain name, asic-gov-au.co, differs from the real ASIC domain: asic.gov.au.
“The cybercriminals behind the scam advise recipients that if their business name no longer needs to be registered, they need to email firstname.lastname@example.org, which is the real cancellation address provided by ASIC,” McDonald added.
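The mismatch between asic-gov-au.co and asic.gov.au described above can be checked mechanically at a mail gateway. The following is an added example, not code from MailGuard or ASIC; the allow-list, function names and sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: an allow-list mapping each real domain to brand words seen in
# display names. asic.gov.au is the real ASIC domain named in the article.
PROTECTED = {"asic.gov.au": ("asic",)}

def _tokens(domain):
    # Split on dots and hyphens: 'asic-gov-au.co' -> ['asic', 'gov', 'au', 'co']
    return [t for t in re.split(r"[.\-]", domain.lower()) if t]

def _contains(seq, sub):
    # True if sub occurs as a contiguous run inside seq.
    n = len(sub)
    return any(seq[i:i + n] == sub for i in range(len(seq) - n + 1))

def classify_sender(from_header):
    """Return (verdict, detail) for a From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "suspicious", "no sender domain"
    for real, brands in PROTECTED.items():
        if domain == real or domain.endswith("." + real):
            return "trusted-domain", real
        # Lookalike: the real domain's labels re-joined with hyphens,
        # or followed by a different TLD or parent domain.
        if _contains(_tokens(domain), _tokens(real)):
            return "lookalike", f"{domain} imitates {real}"
        # Display name claims the brand but the address is elsewhere.
        words = re.findall(r"[a-z0-9]+", display.lower())
        if any(b in words for b in brands):
            return "brand-mismatch", f"name claims {brands[0]}, domain is {domain}"
    return "unrelated", domain

# Constructed sample headers (local parts are made up for the example).
SAMPLES = [
    "ASIC Messaging Service <noreply@asic-gov-au.co>",
    "ASIC <notices@asic.gov.au>",
    "ASIC Messaging Service <info@example.net>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A "trusted-domain" verdict only means the From header names the real domain; the header can be forged, so it should be combined with SPF, DKIM and DMARC results.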
According to McDonald, this is the second large-scale fraud email purporting to be from ASIC in recent times, with MailGuard identifying a similar scam in late January.
As outlined via the ASIC website, scammers have been contacting registry customers asking them to pay fees and give personal information to renew their business or company name.
“These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link,” the ASIC website stated.
As a result, the site advises users to keep anti-virus software up to date, be wary of emails that don't address the user by name or misspell details and have unknown attachments, and to avoid clicking any links in a suspicious email.
The email comes weeks after a similar scam impacted the Australian Taxation Office (ATO), telling recipients their Business Activity Statement (BAS) is available to view, with the well-formatted email also including the Australian Government coat of arms image sourced from the ATO website.