ASIC, MailChimp, Xero, MYOB and Sage impersonated in Aussie email scams

Learn more about the phishing scams targeting Australian inboxes this week

Scammers have hidden behind the Australian Securities and Investments Commission (ASIC), MailChimp, Xero, MYOB and Sage following a week of heightened email activity across Australia.

On Monday, ASIC warned Registry customers, once again, that an ongoing scam was using its brand to ask customers to pay fees and give personal information to renew their business or company name.

“These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link,” ASIC warned customers.

Email filtering company MailGuard said it began blocking the very large run of emails at 08:16AM on Monday.

According to MailGuard, the display name ASIC Messaging Service and sending email asic.transaction.no-reply @ ato.gov.autsl.com may resemble legitimate credentials; however, the autsl.com domain was only registered yesterday in China.

The fake ASIC emails tell recipients their business names are due for renewal, directing them to download the renewal notice.

The link in the email prompts users to download a .ZIP file that contains a malicious JavaScript file. The downloaded file seeks to steal users’ private credentials from local internet browsers and installs itself to run automatically at Windows start-up.

Similar scams purporting to be from ASIC have taken place in August, July and April.

Screenshot (MailGuard)

On Tuesday, email scams claiming to be from accounting software providers MYOB and Xero were blocked by MailGuard.

The MYOB scam claimed to be sending recipients a supply order for signature, with a DocuSign link to a malicious .ZIP download. The email was sent from randomised names ‘via DocuSign’.

In June, MYOB had its brand hijacked in what was reported to be “the biggest scam email influxes” MailGuard detected in the past 12 months.

Screenshot (MailGuard)

Meanwhile, the Xero scam was picked up at the same time and, according to MailGuard, purported to be an invoice for the Xero subscription, sent from Xero Billing Notifications, with a ‘View your bill’ link leading to a malicious .ZIP payload.

Screenshot (MailGuard)

On the same day, cyber criminals used Sage’s brand in a new attack that lasted until Wednesday morning.

The Sage scam imitated a subscription invoice with a link to a compromised SharePoint site hosting a .ZIP archive with a malicious JavaScript file.

According to MailGuard, the display name for the attack was Sage, with a sending and display address of noreply@sageim(dot)com. The sending domain sageim(dot)com was registered on the 18th of September with a registrar in China.

Screenshot (MailGuard)
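
The mismatch MailGuard points out in the ASIC and Sage runs, a trusted brand in the display name but an unrelated registrable domain in the sending address, can be checked mechanically. The following Python is an added example, not MailGuard's code or part of the original article; the brand-to-domain map, the public-suffix subset and the sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: brand keyword -> registrable domain the brand really sends from.
BRAND_DOMAINS = {"asic": "asic.gov.au", "sage": "sage.com"}
# Constructed subset of the Public Suffix List, enough for the samples below.
SUFFIXES = {"com", "au", "com.au", "gov.au"}

# Constructed From headers built from the addresses quoted in the article,
# plus one constructed legitimate-looking header for comparison.
SAMPLES = [
    "ASIC Messaging Service <asic.transaction.no-reply @ ato.gov.autsl.com>",
    "Sage <noreply@sageim(dot)com>",
    "ASIC <no-reply@mail.asic.gov.au>",
]


def refang(value):
    """Undo common defanging: 'a @ b(dot)com' -> 'a@b.com'."""
    value = re.sub(r"\s*[\[(]dot[\])]\s*", ".", value, flags=re.I)
    return re.sub(r"\s*@\s*", "@", value)


def registrable_domain(host):
    """Longest matching public suffix plus one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def check_sender(from_header):
    """Return (brand, registrable_domain, verdict) for a From header."""
    name, addr = parseaddr(refang(from_header))
    domain = registrable_domain(addr.rpartition("@")[2])
    for brand, expected in BRAND_DOMAINS.items():
        # Whole-word match so "Basic" does not count as "ASIC".
        if re.search(rf"\b{brand}\b", name, flags=re.I):
            verdict = "ok" if domain == expected else "impersonation"
            return brand, domain, verdict
    return None, domain, "no-brand"


if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), "<-", header)
```

The check reads ato.gov.autsl.com from right to left, so the government-looking labels on the left do not change the result: the registrable domain is autsl.com. A production filter would load the full Public Suffix List and pair this with domain-age and SPF/DKIM/DMARC results.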

On Wednesday, a MailChimp account was hijacked to deliver malicious code. An email from “DVDs Manager” was sent through the email marketing company’s services with a fake order confirmation.

The emails contain a ‘view your order’ link that goes to a benign .docx file hosted on MailChimp. The .docx file contains CDF (computable document format) documents that can be opened in Microsoft Word or Excel.

The CDF documents themselves contain malicious macros, which are presumed to download a remote executable, according to MailGuard.

Screenshot (MailGuard)

So far this year, Scamwatch has registered total losses of $555,000 to phishing scams. More than 18,000 reports of these scams were received, with 32 per cent of those having been delivered via email.

The Australian Competition and Consumer Commission body has also reported more than 4,000 hacking scams, with people and businesses losing more than $1.3 million in 2017 so far.

However, most of those reported scams happened over the phone; 24 per cent were via email and the internet.

