An email that claims to be from ASIC is instead a repository for Windows ransomware that will be downloaded if the recipients click on a link within the missive, the e-mail security company MailGuard claims.
The company said the email had landed in people's inboxes this morning and was timed to catch people at the beginning of the working week. Later MailGuard informed iTWire that the ransomware in questioon was CryptoLocker.
The email purports to be from ASIC but is actually sent from a domain that was registered today in China.
The Australian government's coat of arms and ASIC logo are in the email which has a fake email signature attributed to "Max Morgan, Senior Executive Leader" at ASIC. MailGuard said no such employee appeared to exist at the commission.
{loadposition sam08}Other warning signs were that the correspondence was general in nature, did not address recipients by name and the domain name, asic-gov-au.co, differed from the real ASIC domain: asic.gov.au.
A screenshot of the bogus ASIS email. Courtesy: MailGuard
Those behind the scam ask people who longer need to have a business name registered to email bncancel@asic.gov.au, which is the real cancellation address provided by ASIC.
MailGuard says those who click on the link will open a malware downloader stored within a JavaScript file. This leads to ransomware being executed remotely, MailGuard claims.
iTWire has asked MailGuard whether it is aware of the name of the ransomware that it claims is being downloaded as a result of clicking on the link in this email.