{"id":444,"date":"2017-03-10T12:33:53","date_gmt":"2017-03-10T01:33:53","guid":{"rendered":"http:\/\/activateit.net.au\/?p=444"},"modified":"2017-03-10T12:33:53","modified_gmt":"2017-03-10T01:33:53","slug":"mar-10-2017-ransomware-hidden-in-fake-asic-renewal-notice","status":"publish","type":"post","link":"https:\/\/activateit.net.au\/?p=444","title":{"rendered":"Mar 10, 2017: Ransomware hidden in fake ASIC renewal notice"},"content":{"rendered":"<p>Australians have been warned to avoid clicking a malicious email purporting to be from ASIC.<\/p>\n<p>The email was distributed to tens of thousands of addresses just as people arrived at work this morning. It\u2019s one of the largest-scale fraud email inundations seen in recent times.<\/p>\n<p>Claiming to be from the Australian Securities and Investments Commission, the message downloads a file-encryption script &#8211; most commonly seen in ransomware &#8211; to the computers of those who click its links.<\/p>\n<p>While the email purports to be from \u2018ASIC Messaging Service\u2019, it was sent from a new domain registered just today in China. It tells recipients their company name needs to be renewed and instructs them to click a link to do so.<\/p>\n<p>Those curious enough to click the link open a malware downloader stored within a JavaScript file, which paves the way for ransomware to be executed remotely.<\/p>\n<p>Suspicious signs:<\/p>\n<p>The email contains the government coat of arms and ASIC logo and appears to contain a fake email signature attributed to \u2018Max Morgan, Senior Executive Leader\u2019 at ASIC.  No such employee appears to exist at the commission.<\/p>\n<p>In other warning signs, the correspondence is general in nature and doesn\u2019t address recipients by name. 
The domain name, asic-gov-au.co, differs from the real ASIC domain: asic.gov.au.<\/p>\n<p>The cybercriminals behind the scam advise recipients that if their business name no longer needs to be registered, they need to email bncancel@asic.gov.au, which is the real cancellation address provided by ASIC.<\/p>\n<p>This is the second large-scale fraud email purporting to be from ASIC in recent times.<\/p>\n<p>Advice from ASIC on avoiding scams<\/p>\n<p>ASIC\u2019s website says recently scammers have been contacting registry customers asking them to pay fees and give personal information to renew their business or company name.<\/p>\n<p>\u201cThese emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link,\u201d the ASIC website says.<\/p>\n<p>The site offers this advice for avoiding email scams:<\/p>\n<p>    Keep your anti-virus software up to date<br \/>\n    Be wary of emails that don&#8217;t address you by name or misspell your details and have unknown attachments<br \/>\n    Don&#8217;t click any links on a suspicious email.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Australians have been warned to avoid clicking a malicious email purporting to be from ASIC. The email was distributed to tens of thousands of addresses just as people arrived at work this morning. It\u2019s one of the largest-scale fraud email inundations seen in recent times. 
Claiming to be from the Australian Securities and Investments Commission, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":446,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/activateit.net.au\/index.php?rest_route=\/wp\/v2\/posts\/444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/activateit.net.au\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/activateit.net.au\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/activateit.net.au\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/activateit.net.au\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=444"}],"version-history":[{"count":4,"href":"https:\/\/activateit.net.au\/index.php?rest_route=\/wp\/v2\/posts\/444\/revisions"}],"predecessor-version":[{"id":449,"href":"https:\/\/activateit.net.au\/index.php?rest_route=\/wp\/v2\/posts\/444\/revisions\/449"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/activateit.net.au\/index.php?rest_route=\/wp\/v2\/media\/446"}],"wp:attachment":[{"href":"https:\/\/activateit.net.au\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/activateit.net.au\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/activateit.net.au\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}