ASIC warns of spoof email campaign


By Dylan Bushell-Embling
Wednesday, 09 August, 2017

ASIC warns of spoof email campaign

The Australian Securities and Investments Commission (ASIC) has warned users of its registry service to be vigilant of scam emails claiming to be from the commission in the wake of two large influxes in recent weeks.

ASIC said fake emails are circulating containing attachments or links to fake invoices containing malware. The fake emails appear similar to genuine ASIC emails.

No legitimate ASIC email will ask users to make a payment over the phone, make a payment to receive a refund, ask for credit card or bank details directly by email or phone, or to download any software, according to ASIC Commissioner John Price.

“It is always important to be wary of unsolicited emails that demand payment or contain suspicious attachments or links, especially if you have never dealt with the organisation they are from,” he said.

Email security company MailGuard said of the two waves of fraudulent emails, one originated from a domain registered in China, while the other was distributed from a domain set up in Cyprus.

Australian businesses are impersonated by cybercriminals daily in scams aimed at stealing money or private information, MailGuard said. The larger an organisation, the more likely they are to be spoofed.

The most common seasonal scams targeting Australia include spoofed Australia Post emails during the lead-up to Christmas, fraud ATO and ASIC emails around tax time and fake energy invoices from companies including AGL, Origin Energy and EnergyAustralia during winter.

Scams popular year-round include fake invoices from telcos including Optus and Telstra, phishing attempts purporting to be from Westpac, ANZ, NAB, Commonwealth Bank and Macquarie Bank, as well as fake messages from popular international online services including PayPal, Dropbox, Google Drive, Apple and Office 365.

Besides the ASIC impersonation campaigns, a wave of fake tax invoices purporting to be from the go via Queensland road toll network are circulating, MailGuard added. The fake invoices include a “download statement” button that hides a malicious JavaScript file.

The domain used in the scam — do_not_reply@goviau.co — was registered in China less than seven hours before fake invoices began landing in inboxes. The real go via domain is http://govianetwork.com.au/.

Follow us on Twitter and Facebook

Related Articles

Secure-by-design software development for digital innovation

The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...

Bolstering AI-powered cybersecurity in the face of increasing threats

The escalation of complex cyber risks is becoming a pressing issue for those in business...

How attackers are weaponising GenAI through data poisoning and manipulation

The possibility for shared large language models to be manipulated through data poisoning...

Content from other channels on our network

6G-REFERENCE project envisions cell-free comms in urban areas

Vertiv boosts colocation data centre capacity for Chorus

'Curving' light beams could enable terahertz comms

Panasonic offers private 5G network testing in Munich

Antenna upgrade enables better sewer management

Robotic lab enhances battery manufacturing

Machine learning used to create fabric-based touch sensor

Hybrid sodium-ion battery can be charged in a few minutes

Researchers develop energy-efficient probabilistic computer

Wearable sensor measures real skin feel

Cobalt Iron earns patent on analytics-based dynamic authorisation control

Shoalhaven City Council uses AI to deliver safer roads to the community

Smart technologies: helping councils improve community services and sustainability

Infrastructure projects a funding black hole without asset management

Gartner announces top government technology trends

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd