Fake ASIC Business Name Renewal Phishing Emails

06th March 2017
Article Publisher

Beware of a FAKE email requesting Renewal of your Business Name with ASIC, complete with Australian Securities & Investment Commission logo. It is a SCAM containing a link to a dangerous website that contains Ransomware !

The first of these bogus emails that I received in March 2017 was sent from “asic-gov-au.co”, a domain name that obviously resembles "asic.gov.au" and had been deliberately selected to deceive recipients.

The underlined "Renewal letter" link connects to another domain URL that I will not share here. If you have received the message, then hovering your mouse over the link (without clicking) will reveal the actual URL destination. It is a highly suspicious "guestaccess.aspx" file which has no association whatsoever with ASIC. Ransomware awaits !

Who registered the domain name “asic-gov-au.co” ?

Ping Lun registered the domain name asic-gov-au.co on 5th March 2017

Ping Lun of Xiamen, China registered this domain name on the 5th March 2017. However, it is likely this name and address are also phony.

The asic-gov-au.co mail server is located in Quebec, Canada

The mail server is located in Quebec, Canada.

Other bogus domain names used

The domain name “asic-gov-au.co” was duly Blacklisted by Spamhaus.org and SURBL.org in April 2017. Each time this occurs, the cybercriminals simply register another domain name and continue their email scam. Here is a list of other known bogus domain names used in the ASIC Business Name Renewal email scam:

  • asic-mail-gov-au.com
  • australian-government.com
  • australiangovernments.com
  • asicdesk.com
  • prepareincometax.com
  • australiangovernement.com
  • asicsaustralia.biz
  • ato.gov.autsl.com
  • ato.gov.r-au.com

How to recognise the GENUINE Business Name Renewal Email Advice from ASIC

On Wednesday, 22nd March 2017 I received this authentic email message from ASIC.

GENUINE Business Name Renewal Email Message from ASIC

  1. Notice that the genuine ASIC email message was sent from their actual domain name “asic.gov.au
    You can examine the header code in the email message to establish where the message was actually sent from; the domain name and IP address.
  2. When you hover your mouse over the underlined "Renewal letter" link, notice that also connects to the genuine ASIC website sub-domain “post.asic.gov.au”. You can therefore confidently presume that link is safe to click. It does link to a PDF download file containing instructions explaining how to proceed and renew your Business Name.
  3. The message is signed off by Rosanne Bell, Senior Executive Leader at ASIC. Now I guess that name is easy to include in a fake message. However you can Google her name to establish that she is in fact an Executive employed by ASIC, unlike the bogus name used in the fake email message above.
1 Comments - Average Rating 5 / 5 (Show All)

Add your comment ⇒

Another domain

- 27th March 2017

I received an ASIC email today with a reply address of : asic.transaction.support @ asic-mail-gov-au.com

REPLY by Gary Flack: Thanks Boris. Looking up that domain name, it was registered just a couple of days ago on 25th March 2017 by XHON XING, Xiamen, China.
asic-gov-au.co has now been Blacklisted by Spamhaus.org and SURBL.org, thus the reason why they needed to register and use a new domain name to continue their Cybercriminal activities.

Add your comment ⇒

You may also be interested in …

ATO Ransomware Phishing Emails
Traffic Infringement Phishing Email Scam
Beware of suspicious email from reckonaustralia.org
India SEO Scammers Exposed pretending to be based in Australia