Story image

Australian businesses targeted by ASIC impersonation fraud

13 Mar 17

MailGuard recently warned of a new phishing scam using false ASIC credentials, which installs malware on unsuspecting victims’ computers.

The email looks to be from the Australian Securities and Investment Commission (ASIC) and tricks users into clicking links that then install ransomware.

The message from ‘ASIC Messaging Service’ demands victims must renew their company name by clicking a link. 

To add to the false sense of genuine intentions, the email uses government logos and a fake signature from a phony employee called ‘Max Morgan, Senior Executive Leader’ at ASIC. But there is nobody by that name at the company.

Those who click the link are also informed that if they don’t need to register their business name, they can email bncancel@asic,gov.au, ASIC’s genuine cancellation email address.

The emails, which affected ‘tens of thousands’ of email addresses, originated from a newly registered domain (asic-gov-au.co) in China. The domain is also vastly different to the asic.gov.au official domain.

MailGuard says the link wasn’t being detected as suspicious on any of the antivirus engines listed on VirusTotal. The attack is the second large-scale fraud attack this year, after a similar one occurred in January.

ASIC has also been aware of the scams since January. A statement on the company’s official website says that scammers have been contacting registry customers in order to demand fees and personal information to renew business names. 

ASIC also recommends that users who are unsure of the email’s authenticity to forward the email to ReportASICEmailFraud@asic.gov.au, contact ASIC and report the emails to Scamwatch.

ASIC says the email are most likely scams if they ask users to make payments over the phone, make payments to receive a refund, and request credit card or bank details by email or phone.

ASIC will only issue business renewals 30 days before its renewal date. “You can search for your business name on our register and if it's outside our usual timeframe, it might be a scam.”

ASIC recommends that users:

  • Keep antivirus software up to date
  • Scrutinise emails that don’t use your name, misspell details and include unknown attachments
  • Don’t click links in suspicious emails
  • If funds or personal details have been provided, contact your bank or financial institution immediately.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.