Fake ASIC Business Name Renewal Phishing Emails

Categories » » All Pages
06th March 2017

Beware of a FAKE email requesting Renewal of your Business Name with ASIC, complete with Australian Securities & Investment Commission logo. It is a SCAM containing a link to a dangerous website that contains Ransomware !

The first of these bogus emails that I received in March 2017 was sent from “asic-gov-au.co”, a domain name that obviously resembles "asic.gov.au" and had been deliberately selected to deceive recipients.

The underlined "Renewal letter" link connects to another domain URL that I will not share here. If you have received the message, then hovering your mouse over the link (without clicking) will reveal the actual URL destination. It is a highly suspicious "guestaccess.aspx" file which has no association whatsoever with ASIC. Ransomware awaits !

Who registered the domain name “asic-gov-au.co” ?

Ping Lun registered the domain name asic-gov-au.co on 5th March 2017

Ping Lun of Xiamen, China registered this domain name on the 5th March 2017. However, it is likely this name and address are also phony.

The asic-gov-au.co mail server is located in Quebec, Canada

The mail server is located in Quebec, Canada.

Other bogus domain names used

The domain name “asic-gov-au.co” was duly Blacklisted by Spamhaus.org and SURBL.org in April 2017. Each time this occurs, the cybercriminals simply register another domain name and continue their email scam. Here is a list of other known bogus domain names used in the ASIC Business Name Renewal email scam:

  • asic-mail-gov-au.com
  • australian-government.com
  • australiangovernments.com
  • asicdesk.com
  • prepareincometax.com
  • australiangovernement.com
  • asicsaustralia.biz
  • ato.gov.autsl.com
  • ato.gov.r-au.com

How to recognise the GENUINE Business Name Renewal Email Advice from ASIC

On Wednesday, 22nd March 2017 I received this authentic email message from ASIC.

GENUINE Business Name Renewal Email Message from ASIC

  1. Notice that the genuine ASIC email message was sent from their actual domain name “asic.gov.au
    You can examine the header code in the email message to establish where the message was actually sent from; the domain name and IP address.
  2. When you hover your mouse over the underlined "Renewal letter" link, notice that also connects to the genuine ASIC website sub-domain “post.asic.gov.au”. You can therefore confidently presume that link is safe to click. It does link to a PDF download file containing instructions explaining how to proceed and renew your Business Name.
  3. The message is signed off by Rosanne Bell, Senior Executive Leader at ASIC. Now I guess that name is easy to include in a fake message. However you can Google her name to establish that she is in fact an Executive employed by ASIC, unlike the bogus name used in the fake email message above.

More related pages …

ATO Ransomware Phishing Emails
Beware of this fake email allegedly from the Australian Taxation Office being sent by the phishing domain name atogov.email. The Word doc file attached is undoubtedly Ransomware.
Beware of suspicious email from reckonaustralia
Emails with a highly suspicious Report.xls Excel file attached are being sent out by reckonaustralia.org, a domain name registered in Moscow, Russia on 20 November 2016. This message is definitely ...
India SEO Scammers Exposed pretending to be based in Australia
The recent avalanche of Search Engine Optimization emails claiming your website contains “meta-data related mistakes” purport to be from Australia. BUT NO. Investigation exposes their o...