A malicious email impersonating the Australian Securities and Investments Commission and targeted at time-poor small business owners has been sent to tens of thousands of recipients, with experts warning these scams are likely to become more frequent as the end of financial year approaches.
The attack, uncovered by Mailguard, comes in the form of a fake company name renewal notice and appears to be sent by ASIC, with the email body including ASIC branding and the commission’s privacy policy.
When they click on the hyperlinked “Renewal letter”, users are directed to a website where a file containing malware is downloaded onto their computer. The type of malware is unknown, but it is likely to be either ransomware, a virus, or a keylogger designed to steal users’ login details.
A senior executive leader by the name of Ashley Hughes is listed as the sender of the email, but no staff member of that name exists at ASIC.
The attack actually originates from the domain “australiangovernments.com”, which was registered in Hong Kong the day before the attack went out. Cyber security expert at Sense of Security Michael McKinnon told SmartCompany these attacks are often successful because of how quickly the associated domain names can be registered.
“Hackers will set up the new domain and then the email infrastructure very quickly and then start spamming like crazy. Most email-blocking systems assess domains based on their reputation, so a brand new domain name with no reputation attached to it will often pass through,” he says.
This is why these attacks are also short-lived, says McKinnon: once users start to report the email as spam, the associated domain name’s reputation “diminishes”.
The file downloaded via the email is a .zip, a common file type used to compress multiple files into one to make them smaller and easier to transfer. However, receiving a .zip file in an email should be a red flag for business owners, says McKinnon, and businesses should be deleting any such files if they have not been sent by trusted sources.
“If you’re being sent a zip file or a link to download a zip file, you should be extremely careful,” McKinnon says.
“Though unopened zip files are harmless, the contents of them can contain executables which can then install malicious software on your computer.”
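As an added illustration of that point (example code written for this page, not from Mailguard, ASIC or McKinnon), the following Python sketch reads only a zip archive's file listing, without extracting anything, and flags members that would run if opened. The extension lists and the sample file names are assumptions constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative, non-exhaustive lists chosen for this example.
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
            ".vbs", ".wsf", ".hta", ".lnk", ".ps1", ".msi", ".jar"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
NESTED = {".zip", ".rar", ".7z", ".iso"}


def triage_zip(data):
    """Return [(member, reason)] by reading only the archive's file listing.

    Nothing is extracted or executed.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid zip file")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            if info.flag_bits & 0x1:  # bit 0 of the zip flags: member is encrypted
                findings.append((info.filename, "encrypted member"))
            if last in RUNNABLE:
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY
                reason = "runnable file with decoy document extension" if decoy else "runnable file"
                findings.append((info.filename, reason))
            elif last in NESTED:
                findings.append((info.filename, "nested archive"))
    return findings


def build_sample_zip():
    """Constructed sample: harmless text stored under suspicious names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("renewal_notice.pdf.js", "// placeholder text, not real script")
        z.writestr("docs/readme.txt", "placeholder")
        z.writestr("docs/setup.exe", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in triage_zip(build_sample_zip()):
        print(f"{name}: {reason}")
```

An empty result only means no listed name matched these lists; it does not show that the archive is safe to open.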
With July 1 fast approaching, McKinnon warns there’s “no question” business owners will see an increase in these types of scams during the end of financial year rush.
There have been a number of recent scams impersonating organisations that SMEs deal with frequently, including Australia Post, ASIC and the Australian Taxation Office. These follow a similar pattern of a call to action, hoping to catch out time-poor business owners or employees with lots on their plate.
“It’s a busy time of year for Australian business owners, with many people trying to get bills paid and invoices sent before the end of financial year,” McKinnon says.
“All it takes is a busy finance team with one person who adds it to the piles of bills to be paid.”
“Business owners need to take a minute and think about what’s being sent, and see if there’s a way to verify what the email is requesting through ASIC’s website or a similar channel.”
ASIC provides guidelines for business owners targeted by scams on its website.