A scam described as a criminal-intent email exploiting the Australian Securities and Investments Commission is circulating, with security firm MailGuard warning it contains malicious macro code.
According to MailGuard, the simple plain text email has a .doc attachment which contains the malicious code, and although the message purports to be from ASIC the sender URL is actually "asicsau[dot]com", a new domain registered in China.
MailGuard says criminals use .doc macros in attachments like that on this email to install malware on victim’s computers.
“Macros run in the background when .doc files are opened and can be used to download trojans, spyware and viruses.
{loadposition peter}“Criminal-intent email attacks can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your business from financial and reputational damage, now,” warns MailGuard.
Detection of the fake ASIC email follows MailGuard’s detection of a "fake invoice" email scam using MYOB branding.
According to MailGuard, the messages used in the MYOB cyber crime attack are well formatted, with authentic looking MYOB branding in the footer.
The subject line of this email is: "Invoice TX107350 from Tax Store Australia", and Mailguard says the message urges the recipient to click on a "view invoice" link, which points to a file archive on a compromised SharePoint account. The archive file contains malicious JavaScript malware.