Warning from ASIC - large-scale email scam.
Wednesday, March 08, 2017
One of the largest scale email scams reported by MailGuard was distributed to thousands of Australian inboxes. Claiming to be from the Australian Securities and Investment Commission (ASIC), the email included a downloadable file-encryption script that delivered a malicious software designed to block access to a computer system until a sum of money is paid.While the email appears to enter inboxes from ‘ASIC Messaging Service’, it was actually sent from a domain registered in China on the same day. It informs recipients their company name requires renewal and instructs them to click a link.
This is the second major fraudulent email said to be from ASIC in recent times. MailGuard identified a similar scam in late-January.
There were some obvious signs that this email was not from ASIC. This was evident by:
The ASIC website advises a number of indicators about the severity of email scams and what to do to stay prepared and informed.
Warning signs the email is not from ASIC
An email is probably a scam and is not from ASIC if it asks you:
If you are unsure if the email is from ASIC
- If you doubt the authenticity of an email you've received from ASIC, forward the entire email to ReportASICEmailFraud@asic.gov.au or contact us.
- You can also report the issue to Scamwatch.
- ASIC's MoneySmart website gives information on how to protect yourself from online scams.
How to avoid email scams in the future
- Keep your anti-virus software up to date.
- Be wary of emails that don't address you by name or misspell your details.
- Be wary of unknown attachments.
- Don't click any links on a suspicious email.
- In other warning signs, the correspondence is general in nature and doesn’t address recipients by name.
If you think you might have accidentally paid funds to a scam or provided your personal details, please contact your bank or financial institution immediately.