An elaborate email scam is unfolding in Australia that is infecting computers with malware, according to a post on the MailGuard blog.
The emails appear to come from the Australian Securities and Investments Commission (ASIC), but a trace back to the domain revealed that they actually came from a phony domain registered in China. Speculation is that a stolen ID was used in the scam.
The email comes loaded with a JavaScript dropper intended to install malware on victims' computer systems, most likely a trojan or ransomware, according to MailGuard's cybersecurity researchers.
The message disguises itself as a renewal letter from ASIC, but it arrives not from the legitimate government ASIC site, asic.gov.au, but rather from an austgov.com domain, which was registered in China.
The MailGuard researchers said that as China is strict about domain registration requirements, there's a high chance that a "stolen ID was used by cybercriminals to set up the scam."
Recipients who are duped by the legitimate appearance of the email and click on the 'Renewal letter' link risk infecting their systems with malware.
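The mismatch described above, a message that presents itself as ASIC while being sent from austgov.com rather than asic.gov.au, can be checked mechanically at a mail gateway or during triage. The following Python sketch is an added example, not code from MailGuard or ASIC; the sample messages, local parts and the `LEGIT_DOMAINS` mapping are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brand keyword -> domain the article names as legitimate (mapping is an assumption).
LEGIT_DOMAINS = {"asic": "asic.gov.au"}

def domain_is_under(domain: str, parent: str) -> bool:
    """True only for the parent itself or a real subdomain (label-boundary match)."""
    domain, parent = domain.lower().rstrip("."), parent.lower()
    return domain == parent or domain.endswith("." + parent)

def check_sender(raw_message: str) -> list[str]:
    """Flag messages that claim a brand but are sent from an unrelated domain."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    if not domain:
        return ["no parsable From address"]
    # Text in which a sender typically asserts an identity.
    claimed = f"{display} {msg.get('Subject', '')} {local}".lower()
    findings = []
    for brand, legit in LEGIT_DOMAINS.items():
        # Whole-word match so that "basic" does not count as "asic".
        if re.search(rf"\b{re.escape(brand)}\b", claimed) and not domain_is_under(domain, legit):
            findings.append(f"claims '{brand}' but sender domain is '{domain}', expected {legit}")
    return findings

# Constructed sample messages (not taken from the real campaign).
SPOOFED = "From: ASIC <renewals@austgov.com>\nSubject: Renewal letter\n\nSee link."
LEGIT = "From: ASIC <renewals@asic.gov.au>\nSubject: Renewal letter\n\nSee link."
LOOKALIKE = "From: ASIC Renewals <noreply@asic.gov.au.austgov.com>\nSubject: Notice\n\n."
UNRELATED = "From: Basic Training <info@example.org>\nSubject: Basic course\n\n."

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("legit", LEGIT),
                      ("lookalike", LOOKALIKE), ("unrelated", UNRELATED)]:
        print(name, check_sender(raw))
```

This check only covers a sender that uses a different domain, as in this campaign; a forged From header carrying the exact legitimate domain has to be caught with SPF, DKIM and DMARC results, which the sketch does not evaluate.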
This campaign is not the only instance of email scams circulating in Australia, the researchers stated. A number of other scams, some impersonating MYOB (Mind Your Own Business, an Australian multinational that provides tax services) and the government site myGov, have been circulating in large volumes recently.
ASIC's website offered this advice for avoiding email scams:
- Keep your anti-virus software up to date
- Be wary of emails that don't address you by name or misspell your details and have unknown attachments
- Don't click any links on a suspicious email