Client Alert: Email Scams containing Malware, Virus & Ransomware
We have recently seen a spike in the number and quality of fake emails being sent to our clients.
These emails are sent with malicious intent, purporting to be from a government agency, where you are led to click on a link that will install malware, ransomware or viruses. We have had clients lose days and weeks of productivity due to falling for these traps.
One email we have seen multiple times, appears to come from ASIC requesting that you follow a link to renew a business name. At first glance, the email is virtually indistinguishable from the real ASIC email.
Key things to look for:
- The email is sent from an address that is close to, but not the correct government address such as firstname.lastname@example.org vs email@example.com
- The fake email does not appear to mention your business name in the subject or body. Though note, the scammers continue to get sophisticated, and we would not be surprised if future emails were more targeted.
- When you hover your mouse over the ‘Renewal Letter’ hyperlink, the web address does not link to the www.asic.gov.au website, instead it is something else such as http://SAMPLE-my.sharepoint.com/ or some other website such as www.dropbox.com clicking on this link will likely install a virus or malware onto your computer.
- TYPE the email address into a Google search, and look for suspicious results. DO NOT copy and paste the email address in into the Google search (as this will take you to a hidden hyperlink)
We have provided a comparison of the real and fake emails here.
The ATO have also just published an article of the same topic:
If you receive a suspicious email, you are able to forward the email directly to ASIC (ReportASICEmailFraud@asic.gov.au) and ASIC can confirm if the email is legitimate.
For more information, see the ASIC website:
If you are still unsure, please do not hesitate to Catherine MacGregor from our office to talk you through it.