MailGuard recently warned of ransomware hidden in fake ASIC renewal notices. Scammers claiming to be from the Australian Securities and Investments Commission have sent communication telling recipients their company name needs to be renewed and instructs them to click a link to do so. The new phishing scam using false ASIC credentials then installs malware on unsuspecting victims’ computers. To add to the false sense of genuine intentions, the email uses government logos and a fake signature from a phony employee.

The emails, which affected ‘tens of thousands’ of email addresses, originated from a newly registered domain (asic-gov-au.co) in China. The domain is also vastly different to the asic.gov.au official domain.


What’s it look like?

We encourage businesses to share the below information and image with colleagues and business partners.

The below email does display some warning signs :

  • the email recipient is not identified
  • the authentic ASIC email address is in fact asic.gov.au
  • the illegitimate email address used in this email is asix-gov-au.co.
  • the alleged author of this email does not appear to work at ASIC

Do not interact with this email – do not click on any associated link.

Asic scam warning


How does it work?

Clicking any link on the email will mean that your files will be subject to encryption to which the criminals will then offer you access to a unique encryption key to have your files returned.

This key comes at a cost as the ransom amounts demanded are said to be significant.


Advice from ASIC on avoiding scams

Warning signs the email is not from ASIC

An email is probably a scam and is not from ASIC if it asks you:

  • to make a payment over the phone
  • to make a payment to receive a refund
  • for your credit card or bank details directly by email or phone
  • Protecting yourself from email scams

To help protect yourself:

  • keep your anti-virus software up to date
  • be wary of emails that don’t address you by name or misspell your details and have unknown attachments
  • don’t click any links on a suspicious email

You can also check your registration renewal date; ASIC will only issue a renewal notice 30 days before your renewal date. You can search for your business name on our register and if it’s outside our usual timeframe, it might be a scam.

Unsure an email is from ASIC?

If you doubt the authenticity of an email you’ve received from ASIC, forward the entire email to ReportASICEmailFraud@asic.gov.au or contact us and we can confirm if we’ve issued a notice to you.

You can also report the issue to Scamwatch.

This is the second large-scale fraud email purporting to be from ASIC in recent times. MailGuard identified a similar scam in late-January: http://www.mailguard.com.au/blog/dont-click-cybercriminals-impersonate-asic-to-distribute-malware.